[Bug]: Case sensitive Analysis matching does not work

[master-qwerty]

What happened?
A clear and concise description of what the bug is or what is not working as expected PurView report was not created.

How to reproduce it
Steps to reproduce the behavior:

1. What command are you running?

$param = @{
    Instance       = 'Microsoft365';
    Analysis       = 'PurView';
    DeviceCode     = $true;
    ExportTo       = @("CSV", "JSON", "HTML");
}

Invoke-Monkey365 @param -Verbose

2. See error

Expected behavior
A clear and concise description of what you expected to happen. Collect information and export it as a selected format.

Screenshots or Logs
If applicable, add screenshots to help explain your problem. Also, you can add logs (Please anonymize them first!). The following command may help to share a log Invoke-Monkey365 -Instance...... -Verbose -Debug -InformationAction Continue -WriteLog then attach here monkey365_exceptions_%date%.log Log file is empty, attached is a screen with verbose.

From where are you running Monkey365?
Please, complete the following information:

• Resource: [Docker container, workstation) CloudPC (Virtual workstation)
• OS: [e.g. Windows, Linux, etc. ] Windows 11
• PowerShell Version [$PsVersionTable]:

Name                           Value
----                           -----
PSVersion                      5.1.22621.2506
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.22621.2506
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

also tested with PS Core on Windows

Name                           Value
----                           -----
PSVersion                      7.4.0
PSEdition                      Core
GitCommitId                    7.4.0
OS                             Microsoft Windows 10.0.22631
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

• Monkey365 Version: Monkey365 v0.91.2-beta
• Others:

Additional context Add any other context about the problem here.

[silverhack]

Hey @master-qwerty, that's rare and I can't reproduce your issue. Could you please let me know if it also happens with others services? E.g ExchangeOnline

Thanks in advance,

[master-qwerty]

This is working. The only issue is with the Purview.

$param = @{
    Instance       = 'Microsoft365';
    Analysis       = @("Microsoft365", "ExchangeOnline", "MicrosoftTeams", "SharePointOnline");
    DeviceCode     = $true;
    IncludeEntraID = $true;
    ExportTo       = @("CSV", "JSON", "HTML");
}

Invoke-Monkey365 @param -Verbose

I've tried it on another physical Windows 11 machine, but the same results, PurView is not working.

[silverhack]

Hey @master-qwerty thanks for the quick reply! Could you please also let me know which privileges have the user?

Thanks,

[master-qwerty]

I've just tested it in Windows 10 with PS 5.1, still the same PurView not working.

Regarding the roles of the used account:

• Security Administrator
• Global Reader
• Global Administrator

[silverhack]

Thanks! Could you please add the -InformationAction flag to the command and see results for successful/error authentication attemps?

$param = @{ Instance = 'Microsoft365'; Analysis = @("Purview"); DeviceCode = $true; IncludeEntraID = $true; ExportTo = @("CSV", "JSON", "HTML"); }

Invoke-Monkey365 @param -Verbose -Debug -InformationAction Continue

Thanks,

[master-qwerty]

here is it.

Invoke-Monkey365 @param -Verbose -Debug -InformationAction Continue
VERBOSE: Loading module from path 'C:\Temp\monkey365\core\modules\monkeylogger\monkeylogger.psm1'.
VERBOSE: Loading module from path 'C:\Temp\monkey365\monkey365.psm1'.
CONSOLE: [19:06:12:684] - [Invoke-Monkey365] - Importing MSAL authentication library - info -  - Monkey365LoadMSAL
VERBOSE: Loading module from path 'C:\Temp\monkey365\core\modules\monkeymsal\monkeymsal.psd1'.
VERBOSE: Loading module from path 'C:\Temp\monkey365\core\modules\monkeymsal\monkeymsal.psm1'.
VERBOSE: Exporting function 'Install-Core'.
VERBOSE: Exporting function 'Install-Desktop'.
VERBOSE: Exporting function 'Install-MsalLibrary'.
VERBOSE: Exporting function 'Convert-SecureStringToPlainText'.
VERBOSE: Exporting function 'Get-LocalizedData'.
VERBOSE: Exporting function 'Get-OsInfo'.
VERBOSE: Exporting function 'New-MonkeyMSALApplicationClientOptions'.
VERBOSE: Exporting function 'Get-MonkeyMSALToken'.
VERBOSE: Exporting function 'New-MonkeyMsalApplication'.
VERBOSE: Importing function 'Convert-SecureStringToPlainText'.
VERBOSE: Importing function 'Get-MonkeyMSALToken'.
VERBOSE: Importing function 'New-MonkeyMsalApplication'.
VERBOSE: Importing function 'New-MonkeyMSALApplicationClientOptions'.
CONSOLE: [19:06:13:669] - [New-Logger] - Initializing loggers - info -  - MonkeyLog
CONSOLE: [19:06:13:716] - [Initialize-File] - Log file monkey365_exceptions_20240102080613.log created successfully on C:\Users\ - info -  - MonkeyLog
CONSOLE: [19:06:13:778] - [New-Logger] - Log enabled - info -  - MonkeyLog
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code  to authenticate.
CONSOLE: [19:06:30:919] - [Get-MSALTokenForGraphV2] - A new token was successfully acquired for Microsoft Graph - info -  - MSALSuccessAuth
VERBOSE: [19:06:31:184] - [Get-MonkeyMSGraphObject] - Getting organization from microsoft graph - verbose -  -
CONSOLE: [19:06:31:778] - [Get-MSALTokenForResourceManagement] - A new token was successfully acquired for Resource Management - info -  - MSALSuccessAuth
CONSOLE: [19:06:31:950] - [Select-MonkeyTenant] - Working on Security Lab tenant - info -  - SingleTenant
CONSOLE: [19:06:32:466] - [Get-MSALTokenForGraph] - A new token was successfully acquired for Graph - info -  - MSALSuccessAuth
CONSOLE: [19:06:32:997] - [Get-MSALTokenForAzurePortal] - A new token was successfully acquired for Azure AAD Portal - info -  - MSALSuccessAuth
CONSOLE: [19:06:33:513] - [Get-MSALTokenForPIM] - A new token was successfully acquired for Azure AD Privileged Identity Management - info -  - MSALSuccessAuth
VERBOSE: [19:06:33:513] - [Get-TenantInformation] - Getting tenant information from 58cc55f7-c2fa-4f86-8196-292d3a58a783 Id - verbose -  - AADTenantInfo
VERBOSE: [19:06:33:607] - [Get-MonkeyMSGraphObject] - Getting organization from microsoft graph - verbose -  -
VERBOSE: [19:06:33:700] - [Get-MonkeyMSGraphObject] - Getting subscribedSkus from microsoft graph - verbose -  -
VERBOSE: [19:06:33:747] - [Get-MonkeyMSGraphObject] - Getting domains from microsoft graph - verbose -  -
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code  to authenticate.
CONSOLE: [19:06:55:184] - [Get-MSALTokenForResource] - A new token was successfully acquired for https://outlook.office365.com/ - info -  - MSALSuccessAuth
VERBOSE: [19:06:55:200] - [Read-JWTtoken] - Invalid length for a Base-64 char array or string, adding = - verbose -  -
VERBOSE: [19:06:55:200] - [Read-JWTtoken] - Invalid length for a Base-64 char array or string, adding = - verbose -  -
VERBOSE: [19:06:55:232] - [New-HttpRequestMessage] - Adding client-request-id header - verbose -  -
VERBOSE: [19:06:55:278] - [New-HttpRequestMessage] - Adding Prefer header - verbose -  -
VERBOSE: [19:06:55:981] - [New-HttpRequestMessage] - Adding client-request-id header - verbose -  -
VERBOSE: [19:06:58:497] - [Get-MonkeyMSGraphUserDirectoryRole] - Getting user's information from c07d7028-58a0-428c-af2f-5ea8c90c7301 - verbose -  - AzureGraphDirectoryRoleByUserId
VERBOSE: [19:06:58:575] - [Get-MonkeyMSGraphObject] - Getting users/c07d7028-58a0-428c-af2f-5ea8c90c7301/transitiveMemberOf from microsoft graph - verbose -  -
VERBOSE: [19:06:58:653] - [Get-MonkeyMSGraphObject] - Getting users from microsoft graph - verbose -  -
VERBOSE: [19:06:58:747] - [Get-MonkeyMSGraphObject] - Getting groups from microsoft graph - verbose -  -
VERBOSE: [19:06:58:809] - [Get-MonkeyMSGraphObject] - Getting me from microsoft graph - verbose -  -
VERBOSE: [19:06:59:185] - [New-InitialSessionState] - Null variable value found on WriteLog - verbose -  -
VERBOSE: [19:06:59:185] - [New-InitialSessionState] - Null variable value found on returnData - verbose -  -
VERBOSE: [19:06:59:185] - [New-InitialSessionState] - Importing module: C:\Temp\monkey365\core/modules/monkeymsal - verbose -  -
VERBOSE: [19:06:59:200] - [New-InitialSessionState] - Importing module: C:\Temp\monkey365\core/modules/monkeylogger - verbose -  -
VERBOSE: [19:06:59:200] - [Start-MonkeyJob] - Opening runspacePool - verbose -  -
CONSOLE: [19:06:59:700] - [Invoke-Monkey365] - Total time for JOBs: 0.77 Minutes - info -  - Monkey365FinishedJobs
VERBOSE: [19:06:59:731] - [Stop-Logger] - Stopping logger - verbose -  -
CONSOLE: [19:06:59:731] - [New-Logger] - Stopping loggers - info -  - MonkeyLog
CONSOLE: [19:06:59:747] - [New-Logger] - Logger stopped - info -  - MonkeyLog

logfile is empty

[silverhack]

Hey @master-qwerty now I can reproduce your issue. Thanks!

It seems that it is a typo error. You're executing Monkey365 with the PurView instead of Purview. To avoid misspelling commands, please make use of TAB-completion in PowerShell.

The following command should work:

$p= @{
    Instance = 'Microsoft365';
    Analysis = @("Purview");
    DeviceCode = $true;
    IncludeEntraID = $true;
    ExportTo = @("CSV", "JSON", "HTML");
}

Invoke-Monkey365 @p -Verbose -Debug -InformationAction Continue

Also, I'll update the codebase to ensure that only lower-case is used to evaluate parameters. On the other hand, it seems that there are some small typo errors in the markdown docs, and it should also be updated.

Could you please let me know if that works for you? Thanks,

[master-qwerty]

It is working with Purview now.

I've used JSON format so TAB does not apply to that scenario.

As you already wrote, I've copied it from docu: https://silverhack.github.io/monkey365/configuration/microsoft365-options/.

Maybe an idea to make it case sensitivity independent?

[silverhack]

Hey @master-qwerty,

I've updated the develop branch and this should be fixed now.

Cheers,

[github-actions[bot]]

This issue has been automatically marked as stale because it has not had recent activity. We kindly ask you to check again if the issue you reported is still relevant in the current version of Monkey 365. If it is, update this issue with a comment, otherwise it will be automatically closed if no further activity occurs. Thank you for your contributions.

[github-actions[bot]]

This issue was closed because it has been inactive for 14 days since being marked as stale. If the issue is still relevant, feel free to re-open it or open a new one.