udpated azure eventhub deletion scenario

2022-03-08 17:57:22 +05:30
parent 0e616b34b3
commit af719c41d2
1 changed files with 49 additions and 1 deletions
@@ -573,4 +573,52 @@ atomic_tests:
    cleanup_command: |
      cmd /c #{DefenderControlExe} /E | Out-Null
    name: powershell
-    elevation_required: true  
+    elevation_required: true
+- name: Azure-Defense-Evasion-Eventhub-Deletion
+  auto_generated_guid: 5e09bed0-7d33-453b-9bf3-caea32bff719
+  description: |
+    Identifies an Event Hub deletion in Azure
+  supported_platforms:
+  - azure-ad
+  input_arguments:
+    username:
+      description: Azure username
+      type: String
+      default: null
+    password:
+      description: Azure password
+      type: String
+      default: null
+    event_hub_name:
+      description: Name of the eventhub
+      type: String
+      default: "test_eventhub"
+    resource_group:
+      description: Name of the resource group
+      type: String
+      default: null
+    name_space_name:
+      description: Name of the NameSpace
+      type: String
+      default: null
+  dependency_executor_name: powershell
+  dependencies:
+  - description: |
+      Install-Module -Name Az
+    prereq_command: |
+      try {if (Get-InstalledModule -Name AzureAD -ErrorAction SilentlyContinue) {exit 0} else {exit 1}} catch {exit 1}
+    get_prereq_command: |
+      Install-Module -Name AzureAD -Force       
+  executor:
+    command: |
+      $secure_pwd = "#{password}" | ConvertTo-SecureString -AsPlainText -Force
+      $creds = New-Object System.Management.Automation.PSCredential -ArgumentList "#{username}", $secure_pwd
+      Connect-AzureAD -Credential $creds
+      New-AzEventHub -ResourceGroupName #{resource_group} -NamespaceName #{name_space_name} -Name #{event_hub_name}
+    cleanup_command: |
+      $secure_pwd = "#{password}" | ConvertTo-SecureString -AsPlainText -Force
+      $creds = New-Object System.Management.Automation.PSCredential -ArgumentList "#{username}", $secure_pwd
+      Connect-AzureAD -Credential $creds
+      Remove-AzEventHub -ResourceGroupName #{resource_group} -Namespace #{name_space_name} -Name #{event_hub_name}
+    name: powershell
+    elevation_required: false