diff --git a/Hawk/functions/Tenant/Start-HawkTenantInvestigation.ps1 b/Hawk/functions/Tenant/Start-HawkTenantInvestigation.ps1 index c88e3c0..d1552c4 100644 --- a/Hawk/functions/Tenant/Start-HawkTenantInvestigation.ps1 +++ b/Hawk/functions/Tenant/Start-HawkTenantInvestigation.ps1 @@ -100,7 +100,6 @@ param ( [DateTime]$StartDate, [DateTime]$EndDate, - [ValidateRange(1, 365)] [int]$DaysToLookBack, [string]$FilePath, [switch]$SkipUpdate, @@ -108,29 +107,92 @@ ) + # begin { + # # Validate parameters if in non-interactive mode + # if ($NonInteractive) { + + + # # if ($NonInteractive) { + + # # Write-Output "ENTERING COMMAND LINE INTERFACE NON INTERACTIVE MODE" + + # # # Check if DaysToLookBack is valid before calling the conversion function + # # if ($DaysToLookBack -ne $null -and $DaysToLookBack -ge 1 -and $DaysToLookBack -le 365) { + # # $ConvertedDates = Convert-HawkDaysToDates -DaysToLookBack $DaysToLookBack + # # $StartDate = $ConvertedDates.StartDate + # # $EndDate = $ConvertedDates.EndDate + # # } + + # # } + # # if ($NonInteractive) { + + # # Write-Output "ENTERING COMMAND LINE INTERFACE NON INTERACTIVE MODE" + + # # # Check if DaysToLookBack is valid before calling the conversion function + # # if ($DaysToLookBack -ne $null -and $DaysToLookBack -ge 1 -and $DaysToLookBack -le 365) { + # # $ConvertedDates = Convert-HawkDaysToDates -DaysToLookBack $DaysToLookBack + # # $StartDate = $ConvertedDates.StartDate + # # $EndDate = $ConvertedDates.EndDate + # # } + + # # } + + + # $validation = Test-HawkInvestigationParameter -StartDate $StartDate -EndDate $EndDate ` + # -DaysToLookBack $DaysToLookBack -FilePath $FilePath -NonInteractive + + # if (-not $validation.IsValid) { + # foreach ($error in $validation.ErrorMessages) { + # Stop-PSFFunction -Message $error -EnableException $true + # } + # } + + + # try { + # # Initialize with provided parameters + # Initialize-HawkGlobalObject -StartDate $StartDate -EndDate $EndDate -DaysToLookBack $DaysToLookBack ` + # -FilePath $FilePath -SkipUpdate:$SkipUpdate -NonInteractive:$NonInteractive + # } + # catch { + # Stop-PSFFunction -Message "Failed to initialize Hawk: $_" -EnableException $true + # } + # } + + # } + + begin { - # Validate parameters if in non-interactive mode if ($NonInteractive) { - $validation = Test-HawkInvestigationParameter -StartDate $StartDate -EndDate $EndDate ` + # If DaysToLookBack is specified, convert it first + if ($PSBoundParameters.ContainsKey('DaysToLookBack') -and $DaysToLookBack -ge 1 -and $DaysToLookBack -le 365) { + $convertedDates = Convert-HawkDaysToDate -DaysToLookBack $DaysToLookBack + $StartDate = $convertedDates.StartDate + $EndDate = $convertedDates.EndDate + } + + # Now call validation with updated StartDate/EndDate + $validation = Test-HawkInvestigationParameter ` + -StartDate $StartDate -EndDate $EndDate ` -DaysToLookBack $DaysToLookBack -FilePath $FilePath -NonInteractive - + if (-not $validation.IsValid) { foreach ($error in $validation.ErrorMessages) { Stop-PSFFunction -Message $error -EnableException $true } } - } - - try { - # Initialize with provided parameters - Initialize-HawkGlobalObject -StartDate $StartDate -EndDate $EndDate -DaysToLookBack $DaysToLookBack ` - -FilePath $FilePath -SkipUpdate:$SkipUpdate -NonInteractive:$NonInteractive - } - catch { - Stop-PSFFunction -Message "Failed to initialize Hawk: $_" -EnableException $true + + try { + Initialize-HawkGlobalObject -StartDate $StartDate -EndDate $EndDate ` + -DaysToLookBack $DaysToLookBack -FilePath $FilePath ` + -SkipUpdate:$SkipUpdate -NonInteractive:$NonInteractive + } + catch { + Stop-PSFFunction -Message "Failed to initialize Hawk: $_" -EnableException $true + } } } + process { if (Test-PSFFunctionInterrupt) { return } diff --git a/Hawk/internal/functions/Convert-HawkDaysToDate.ps1 b/Hawk/internal/functions/Convert-HawkDaysToDate.ps1 index f4bd57c..74b2594 100644 --- a/Hawk/internal/functions/Convert-HawkDaysToDate.ps1 +++ b/Hawk/internal/functions/Convert-HawkDaysToDate.ps1 @@ -34,7 +34,7 @@ Function Convert-HawkDaysToDate { # Calculate the dates $startDate = (Get-Date).ToUniversalTime().AddDays(-$DaysToLookBack).Date - $endDate = (Get-Date).ToUniversalTime().AddDays(1).Date + $endDate = (Get-Date).ToUniversalTime().Date # Return the dates as a PSCustomObject [PSCustomObject]@{ diff --git a/Hawk/internal/functions/Initialize-HawkGlobalObject.ps1 b/Hawk/internal/functions/Initialize-HawkGlobalObject.ps1 index 8c01566..c253c15 100644 --- a/Hawk/internal/functions/Initialize-HawkGlobalObject.ps1 +++ b/Hawk/internal/functions/Initialize-HawkGlobalObject.ps1 @@ -196,85 +196,53 @@ ### Main ### $InformationPreference = "Continue" - Write-HawkBanner - - if (-not $NonInteractive) { - - $OutputPath = Set-LoggingPath($FilePath) + + if (($null -eq (Get-Variable -Name Hawk -ErrorAction SilentlyContinue)) -or ($Force -eq $true) -or ($null -eq $Hawk)) { + Write-HawkBanner + # Create the global $Hawk variable immediately with minimal properties $Global:Hawk = [PSCustomObject]@{ - FilePath = $OutputPath - DaysToLookBack = $DaysToLookBack - StartDate = $StartDate - EndDate = $EndDate + FilePath = $null # Will be set shortly + DaysToLookBack = $null + StartDate = $null + EndDate = $null WhenCreated = $null } + # Set up the file path first, before any other operations + if ([string]::IsNullOrEmpty($FilePath)) { + # Suppress Graph connection output during initial path setup + $Hawk.FilePath = Set-LoggingPath -ErrorAction Stop + } + else { + $Hawk.FilePath = Set-LoggingPath -path $FilePath -ErrorAction Stop 2>$null + } + # Now that FilePath is set, we can use Out-LogFile + Out-LogFile "Hawk output directory created at: $($Hawk.FilePath)" -Information + + # Setup Application insights + Out-LogFile "Setting up Application Insights" -Action + New-ApplicationInsight - # Configuration Example, currently not used - #TODO: Implement Configuration system across entire project - # Set-PSFConfig -Module 'Hawk' -Name 'DaysToLookBack' -Value $Days -PassThru | Register-PSFConfig - if ($OutputPath) { - Set-PSFConfig -Module 'Hawk' -Name 'FilePath' -Value $OutputPath -PassThru | Register-PSFConfig + ### Checking for Updates ### + # If we are skipping the update log it + if ($SkipUpdate) { + Out-LogFile -string "Skipping Update Check" -Information + } + # Check to see if there is an Update for Hawk + else { + Update-HawkModule } - # Continue populating the Hawk object with other properties - # $Hawk.DaysToLookBack = $Days - $Hawk.StartDate = $StartDate - $Hawk.EndDate = $EndDate - $Hawk.WhenCreated = (Get-Date).ToUniversalTime().ToString("g") + # Test Graph connection + Out-LogFile "Testing Graph Connection" -Action - Write-HawkConfigurationComplete -Hawk $Hawk - - return - - } else { - if (($null -eq (Get-Variable -Name Hawk -ErrorAction SilentlyContinue)) -or ($Force -eq $true) -or ($null -eq $Hawk)) { + Test-GraphConnection - Write-HawkBanner - - # Create the global $Hawk variable immediately with minimal properties - $Global:Hawk = [PSCustomObject]@{ - FilePath = $null # Will be set shortly - DaysToLookBack = $null - StartDate = $null - EndDate = $null - WhenCreated = $null - } - - # Set up the file path first, before any other operations - if ([string]::IsNullOrEmpty($FilePath)) { - # Suppress Graph connection output during initial path setup - $Hawk.FilePath = Set-LoggingPath -ErrorAction Stop - } - else { - $Hawk.FilePath = Set-LoggingPath -path $FilePath -ErrorAction Stop 2>$null - } - - # Now that FilePath is set, we can use Out-LogFile - Out-LogFile "Hawk output directory created at: $($Hawk.FilePath)" -Information - - # Setup Application insights - Out-LogFile "Setting up Application Insights" -Action - New-ApplicationInsight - - ### Checking for Updates ### - # If we are skipping the update log it - if ($SkipUpdate) { - Out-LogFile -string "Skipping Update Check" -Information - } - # Check to see if there is an Update for Hawk - else { - Update-HawkModule - } - - # Test Graph connection - Out-LogFile "Testing Graph Connection" -Action - - Test-GraphConnection - + + if (-not $NonInteractive) { try { $LicenseInfo = Test-LicenseType $MaxDaysToGoBack = $LicenseInfo.RetentionPeriod @@ -290,213 +258,213 @@ $LicenseType = "Unknown" } - # Ensure MaxDaysToGoBack does not exceed 365 days - if ($MaxDaysToGoBack -gt 365) { $MaxDaysToGoBack = 365 } - - # Start date validation: Add check for negative numbers - while ($null -eq $StartDate) { - Write-Output "`n" - Out-LogFile "Please specify the first day of the search window:" -isPrompt - Out-LogFile " Enter a number of days to go back (1-$MaxDaysToGoBack)" -isPrompt - Out-LogFile " OR enter a date in MM/DD/YYYY format" -isPrompt - Out-LogFile " Default is 90 days back: " -isPrompt -NoNewLine - $StartRead = (Read-Host).Trim() - - # Determine if input is a valid date - if ($null -eq ($StartRead -as [DateTime])) { - #### Not a DateTime #### - if ([string]::IsNullOrEmpty($StartRead)) { - $StartRead = 90 - } - + } + + + # Ensure MaxDaysToGoBack does not exceed 365 days + if ($MaxDaysToGoBack -gt 365) { $MaxDaysToGoBack = 365 } + + # Start date validation: Add check for negative numbers + while ($null -eq $StartDate) { + Write-Output "`n" + Out-LogFile "Please specify the first day of the search window:" -isPrompt + Out-LogFile " Enter a number of days to go back (1-$MaxDaysToGoBack)" -isPrompt + Out-LogFile " OR enter a date in MM/DD/YYYY format" -isPrompt + Out-LogFile " Default is 90 days back: " -isPrompt -NoNewLine + $StartRead = (Read-Host).Trim() + + # Determine if input is a valid date + if ($null -eq ($StartRead -as [DateTime])) { + #### Not a DateTime #### + if ([string]::IsNullOrEmpty($StartRead)) { + $StartRead = 90 + } + + # Validate input is a positive number + if ($StartRead -match '^\-') { + Out-LogFile -string "Please enter a positive number of days." -isError + continue + } + + # Validate numeric value + if ($StartRead -notmatch '^\d+$') { + Out-LogFile -string "Please enter a valid number of days." -isError + continue + } + + # Validate the entered days back + if ($StartRead -gt $MaxDaysToGoBack) { + Out-LogFile -string "You have entered a time frame greater than your license allows ($MaxDaysToGoBack days)." -isWarning + Out-LogFile "Press ENTER to proceed or type 'R' to re-enter the value: " -isPrompt -NoNewLine + $Proceed = (Read-Host).Trim() + if ($Proceed -eq 'R') { continue } + } + + if ($StartRead -gt 365) { + Out-LogFile -string "Log retention cannot exceed 365 days. Setting retention to 365 days." -isWarning + $StartRead = 365 + } + + # Calculate start date + [DateTime]$StartDate = ((Get-Date).ToUniversalTime().AddDays(-$StartRead)).Date + Write-Output "" + Out-LogFile -string "Start date set to: $StartDate [UTC]" -Information + + } + # Handle DateTime input + elseif (!($null -eq ($StartRead -as [DateTime]))) { + [DateTime]$StartDate = (Get-Date $StartRead).ToUniversalTime().Date + + # Validate the date + if ($StartDate -gt (Get-Date).ToUniversalTime()) { + Out-LogFile -string "Start date cannot be in the future." -isError + $StartDate = $null + continue + } + + if ($StartDate -lt ((Get-Date).ToUniversalTime().AddDays(-$MaxDaysToGoBack))) { + Out-LogFile -string "The date entered exceeds your license retention period of $MaxDaysToGoBack days." -isWarning + Out-LogFile "Press ENTER to proceed or type 'R' to re-enter the date:" -isPrompt -NoNewLine + $Proceed = (Read-Host).Trim() + if ($Proceed -eq 'R') { $StartDate = $null; continue } + } + + if ($StartDate -lt ((Get-Date).ToUniversalTime().AddDays(-365))) { + Out-LogFile -string "The date cannot exceed 365 days. Setting to the maximum limit of 365 days." -isWarning + [DateTime]$StartDate = ((Get-Date).ToUniversalTime().AddDays(-365)).Date + + } + + Out-LogFile -string "Start Date (UTC): $StartDate" -Information + } + else { + Out-LogFile -string "Invalid date information provided. Could not determine if this was a date or an integer." -isError + $StartDate = $null + continue + } + } + + # End date logic with enhanced validation + while ($null -eq $EndDate) { + Write-Output "`n" + Out-LogFile "Please specify the last day of the search window:" -isPrompt + Out-LogFile " Enter a number of days to go back from today (1-365)" -isPrompt + Out-LogFile " OR enter a specific date in MM/DD/YYYY format" -isPrompt + Out-LogFile " Default is today's date:" -isPrompt -NoNewLine + $EndRead = (Read-Host).Trim() + + # End date validation + if ($null -eq ($EndRead -as [DateTime])) { + if ([string]::IsNullOrEmpty($EndRead)) { + [DateTime]$tempEndDate = (Get-Date).ToUniversalTime().Date + } + else { # Validate input is a positive number - if ($StartRead -match '^\-') { + if ($EndRead -match '^\-') { Out-LogFile -string "Please enter a positive number of days." -isError continue } - + # Validate numeric value - if ($StartRead -notmatch '^\d+$') { + if ($EndRead -notmatch '^\d+$') { Out-LogFile -string "Please enter a valid number of days." -isError continue } - - # Validate the entered days back - if ($StartRead -gt $MaxDaysToGoBack) { - Out-LogFile -string "You have entered a time frame greater than your license allows ($MaxDaysToGoBack days)." -isWarning - Out-LogFile "Press ENTER to proceed or type 'R' to re-enter the value: " -isPrompt -NoNewLine - $Proceed = (Read-Host).Trim() - if ($Proceed -eq 'R') { continue } - } - - if ($StartRead -gt 365) { - Out-LogFile -string "Log retention cannot exceed 365 days. Setting retention to 365 days." -isWarning - $StartRead = 365 - } - - # Calculate start date - [DateTime]$StartDate = ((Get-Date).ToUniversalTime().AddDays(-$StartRead)).Date - Write-Output "" - Out-LogFile -string "Start date set to: $StartDate [UTC]" -Information - - } - # Handle DateTime input - elseif (!($null -eq ($StartRead -as [DateTime]))) { - [DateTime]$StartDate = (Get-Date $StartRead).ToUniversalTime().Date - - # Validate the date - if ($StartDate -gt (Get-Date).ToUniversalTime()) { - Out-LogFile -string "Start date cannot be in the future." -isError - $StartDate = $null - continue - } - - if ($StartDate -lt ((Get-Date).ToUniversalTime().AddDays(-$MaxDaysToGoBack))) { - Out-LogFile -string "The date entered exceeds your license retention period of $MaxDaysToGoBack days." -isWarning - Out-LogFile "Press ENTER to proceed or type 'R' to re-enter the date:" -isPrompt -NoNewLine - $Proceed = (Read-Host).Trim() - if ($Proceed -eq 'R') { $StartDate = $null; continue } - } - - if ($StartDate -lt ((Get-Date).ToUniversalTime().AddDays(-365))) { - Out-LogFile -string "The date cannot exceed 365 days. Setting to the maximum limit of 365 days." -isWarning - [DateTime]$StartDate = ((Get-Date).ToUniversalTime().AddDays(-365)).Date - - } - - Out-LogFile -string "Start Date (UTC): $StartDate" -Information + + Out-LogFile -string "End Date (UTC): $EndRead days." -Information + [DateTime]$tempEndDate = ((Get-Date).ToUniversalTime().AddDays(-($EndRead - 1))).Date } - else { - Out-LogFile -string "Invalid date information provided. Could not determine if this was a date or an integer." -isError - $StartDate = $null + + if ($StartDate -gt $tempEndDate) { + Out-LogFile -string "End date must be more recent than start date ($StartDate)." -isError continue } + + $EndDate = $tempEndDate + Write-Output "" + Out-LogFile -string "End date set to: $EndDate [UTC]`n" -Information } - - # End date logic with enhanced validation - while ($null -eq $EndDate) { - Write-Output "`n" - Out-LogFile "Please specify the last day of the search window:" -isPrompt - Out-LogFile " Enter a number of days to go back from today (1-365)" -isPrompt - Out-LogFile " OR enter a specific date in MM/DD/YYYY format" -isPrompt - Out-LogFile " Default is today's date:" -isPrompt -NoNewLine - $EndRead = (Read-Host).Trim() - - # End date validation - if ($null -eq ($EndRead -as [DateTime])) { - if ([string]::IsNullOrEmpty($EndRead)) { - [DateTime]$tempEndDate = (Get-Date).ToUniversalTime().Date - } - else { - # Validate input is a positive number - if ($EndRead -match '^\-') { - Out-LogFile -string "Please enter a positive number of days." -isError - continue - } - - # Validate numeric value - if ($EndRead -notmatch '^\d+$') { - Out-LogFile -string "Please enter a valid number of days." -isError - continue - } - - Out-LogFile -string "End Date (UTC): $EndRead days." -Information - [DateTime]$tempEndDate = ((Get-Date).ToUniversalTime().AddDays(-($EndRead - 1))).Date - } - - if ($StartDate -gt $tempEndDate) { - Out-LogFile -string "End date must be more recent than start date ($StartDate)." -isError - continue - } - - $EndDate = $tempEndDate - Write-Output "" - Out-LogFile -string "End date set to: $EndDate [UTC]`n" -Information - } - elseif (!($null -eq ($EndRead -as [DateTime]))) { - - [DateTime]$tempEndDate = (Get-Date $EndRead).ToUniversalTime().Date - - if ($StartDate -gt $tempEndDate) { - Out-LogFile -string "End date must be more recent than start date ($StartDate)." -isError - continue - } - elseif ($tempEndDate -gt ((Get-Date).ToUniversalTime().AddDays(1))) { - Out-LogFile -string "EndDate too far in the future. Setting EndDate to today." -isWarning - $tempEndDate = (Get-Date).ToUniversalTime().Date - } - - $EndDate = $tempEndDate - Out-LogFile -string "End date set to: $EndDate [UTC]`n" -Information - } - else { - Out-LogFile -string "Invalid date information provided. Could not determine if this was a date or an integer." -isError + elseif (!($null -eq ($EndRead -as [DateTime]))) { + + [DateTime]$tempEndDate = (Get-Date $EndRead).ToUniversalTime().Date + + if ($StartDate -gt $tempEndDate) { + Out-LogFile -string "End date must be more recent than start date ($StartDate)." -isError continue } + elseif ($tempEndDate -gt ((Get-Date).ToUniversalTime().AddDays(1))) { + Out-LogFile -string "EndDate too far in the future. Setting EndDate to today." -isWarning + $tempEndDate = (Get-Date).ToUniversalTime().Date + } + + $EndDate = $tempEndDate + Out-LogFile -string "End date set to: $EndDate [UTC]`n" -Information } - # End date logic remains unchanged - if ($null -eq $EndDate) { - Write-Output "`n" - Out-LogFile "Please specify the last day of the search window:" -isPrompt - Out-LogFile " Enter a number of days to go back from today (1-365)" -isPrompt - Out-LogFile " OR enter a specific date in MM/DD/YYYY format" -isPrompt - Out-LogFile " Default is today's date:" -isPrompt -NoNewLine - $EndRead = (Read-Host).Trim() - - # End date validation - if ($null -eq ($EndRead -as [DateTime])) { - if ([string]::IsNullOrEmpty($EndRead)) { - [DateTime]$EndDate = (Get-Date).ToUniversalTime().Date - } else { - Out-LogFile -string "End Date (UTC): $EndRead days." -Information - [DateTime]$EndDate = ((Get-Date).ToUniversalTime().AddDays(-($EndRead - 1))).Date - } - - if ($StartDate -gt $EndDate) { - Out-LogFile -string "StartDate cannot be more recent than EndDate" -isError - } else { - Write-Output "" - Out-LogFile -string "End date set to: $EndDate [UTC]`n" -Information - } - } elseif (!($null -eq ($EndRead -as [DateTime]))) { - [DateTime]$EndDate = (Get-Date $EndRead).ToUniversalTime().Date - - if ($StartDate -gt $EndDate) { - Out-LogFile -string "EndDate is earlier than StartDate. Setting EndDate to today." -isWarning - [DateTime]$EndDate = (Get-Date).ToUniversalTime().Date - } elseif ($EndDate -gt ((Get-Date).ToUniversalTime().AddDays(1))) { - Out-LogFile -string "EndDate too far in the future. Setting EndDate to today." -isWarning - [DateTime]$EndDate = (Get-Date).ToUniversalTime().Date - } - - Out-LogFile -string "End date set to: $EndDate [UTC]`n" -Information + else { + Out-LogFile -string "Invalid date information provided. Could not determine if this was a date or an integer." -isError + continue + } + } + # End date logic remains unchanged + if ($null -eq $EndDate) { + Write-Output "`n" + Out-LogFile "Please specify the last day of the search window:" -isPrompt + Out-LogFile " Enter a number of days to go back from today (1-365)" -isPrompt + Out-LogFile " OR enter a specific date in MM/DD/YYYY format" -isPrompt + Out-LogFile " Default is today's date:" -isPrompt -NoNewLine + $EndRead = (Read-Host).Trim() + + # End date validation + if ($null -eq ($EndRead -as [DateTime])) { + if ([string]::IsNullOrEmpty($EndRead)) { + [DateTime]$EndDate = (Get-Date).ToUniversalTime().Date } else { - Out-LogFile -string "Invalid date information provided. Could not determine if this was a date or an integer." -isError + Out-LogFile -string "End Date (UTC): $EndRead days." -Information + [DateTime]$EndDate = ((Get-Date).ToUniversalTime().AddDays(-($EndRead - 1))).Date } + + if ($StartDate -gt $EndDate) { + Out-LogFile -string "StartDate cannot be more recent than EndDate" -isError + } else { + Write-Output "" + Out-LogFile -string "End date set to: $EndDate [UTC]`n" -Information + } + } elseif (!($null -eq ($EndRead -as [DateTime]))) { + [DateTime]$EndDate = (Get-Date $EndRead).ToUniversalTime().Date + + if ($StartDate -gt $EndDate) { + Out-LogFile -string "EndDate is earlier than StartDate. Setting EndDate to today." -isWarning + [DateTime]$EndDate = (Get-Date).ToUniversalTime().Date + } elseif ($EndDate -gt ((Get-Date).ToUniversalTime().AddDays(1))) { + Out-LogFile -string "EndDate too far in the future. Setting EndDate to today." -isWarning + [DateTime]$EndDate = (Get-Date).ToUniversalTime().Date + } + + Out-LogFile -string "End date set to: $EndDate [UTC]`n" -Information + } else { + Out-LogFile -string "Invalid date information provided. Could not determine if this was a date or an integer." -isError } - - # Configuration Example, currently not used - #TODO: Implement Configuration system across entire project - Set-PSFConfig -Module 'Hawk' -Name 'DaysToLookBack' -Value $Days -PassThru | Register-PSFConfig - if ($OutputPath) { - Set-PSFConfig -Module 'Hawk' -Name 'FilePath' -Value $OutputPath -PassThru | Register-PSFConfig - } - - # Continue populating the Hawk object with other properties - $Hawk.DaysToLookBack = $Days - $Hawk.StartDate = $StartDate - $Hawk.EndDate = $EndDate - $Hawk.WhenCreated = (Get-Date).ToUniversalTime().ToString("g") - - Write-HawkConfigurationComplete -Hawk $Hawk - - } - else { - Out-LogFile -string "Valid Hawk Object already exists no actions will be taken." -Information + + # Configuration Example, currently not used + #TODO: Implement Configuration system across entire project + Set-PSFConfig -Module 'Hawk' -Name 'DaysToLookBack' -Value $Days -PassThru | Register-PSFConfig + if ($OutputPath) { + Set-PSFConfig -Module 'Hawk' -Name 'FilePath' -Value $OutputPath -PassThru | Register-PSFConfig } - } + # Continue populating the Hawk object with other properties + $Hawk.DaysToLookBack = $DaysToLookBack + $Hawk.StartDate = $StartDate + $Hawk.EndDate = $EndDate + $Hawk.WhenCreated = (Get-Date).ToUniversalTime().ToString("g") + + Write-HawkConfigurationComplete -Hawk $Hawk + + } + else { + Out-LogFile -string "Valid Hawk Object already exists no actions will be taken." -Information + } } diff --git a/Hawk/internal/functions/Test-HawkInvestigationParameter.ps1 b/Hawk/internal/functions/Test-HawkInvestigationParameter.ps1 index 7bfb0a1..3bf9a4f 100644 --- a/Hawk/internal/functions/Test-HawkInvestigationParameter.ps1 +++ b/Hawk/internal/functions/Test-HawkInvestigationParameter.ps1 @@ -99,6 +99,7 @@ Function Test-HawkInvestigationParameter { } # Validate DaysToLookBack regardless of mode + if ($DaysToLookBack) { if ($DaysToLookBack -lt 1 -or $DaysToLookBack -gt 365) { $isValid = $false