Get-QualysNotificationData
#requires -Version 2
function Get-NotificationData
{
    [cmdletbinding()]
    param (
        [parameter(Mandatory = $true,
                ValueFromPipeline = $true,
                ValueFromPipelineByPropertyName = $true,
        HelpMessage = 'Please enter a QID (Qualys ID) to search for')]
        [ValidateCount(1,20)]
        [ValidateNotNullOrEmpty()]
        [string[]]$QID,

        [parameter(Mandatory = $true,
                ValueFromPipeline = $true,
                ValueFromPipelineByPropertyName = $true,
        HelpMessage = 'Please provide a credential object')]
        [ValidateNotNullOrEmpty()]
        [System.Management.Automation.CredentialAttribute()]$credential
    )
    <#
            .SYNOPSIS
            Get-NotificationData gathers and parses vulnerable hosts data into an object for email
            notifications to their Business Unit Manager (Primary Point of Contact).
            .DESCRIPTION
            Get-NotificationData gathers vulnerable host information and relays that information to the
            asset's owner/Unit Manager (PPOC). The function is laid out as such:
            Import an XML file containing data about the Business Units within Qualys
            Import an XML file containing data about the Asset Groups within Qualys (only returns Unit Managers details)
            Does an Asset Search for VulnerableHosts containing the requested QID
            Downloads the Qualys KnowledgeBase data for that QID
            Takes each VulnerableHost and does the following:
                Takes each Asset Group
                    Checks if the Asset Group is listed within the VulnerableHost information
                    Takes each Business Unit "Unit Manager" user role
                        Checks if an Asset Group user login is equal to the "Unit Manager" user login
                        Checks if the Asset Group User Login has a user role of "Unit Manager"
            If all checks are made, it creates an object with the following info for each Vulnerable Host
            (NOTE: This is the structure of the returned Object for each "Vulnerable Host")
                businessunitinfo
                    businessunit
                    userlogin
                    firstname
                    lastname
                    title
                    email
                    userrole
                    assetgroupinfo
                        userlogin
                        userrole
                        assetgrouptitle
                        ip
                        vulnerablehost
                            vulnhost
                QualysKBInfo
            .PARAMETER ip
            Specify a single or a comma separated list of IP addresses you are wanting to search
            .PARAMETER assetgroup
            Specifies a single or a comma separated list of Asset Groups you are wanting to search
            Default value is "All"
            .PARAMETER Credential
            Specifies a set of credentials used to query the QualysGuard API
            .INPUTS
            You can pipe PSCustomObjects that have an IP, QID, assetgroup property(ies) to Get-VulnerableHost
            .EXAMPLE
            C:\PS> Get-VulnerableHost -ip "128.206.14.92,128.206.14.95,128.206.12.57" -QID "105489" -credential $cred
            .EXAMPLE
            C:\PS> Get-VulnerableHost -assetgroup "DC Assets (DC)" -QID "105489" -credential $cred
            .EXAMPLE
            C:\PS> $custompsobject | Get-VulnerableHost -credential $cred
            $custompsobject has two properties - IP and QID
    #>
    $vulnhostobject = @()
    $ipaddresses = @()
    $notificationData = @()
    $vulnerableHostInfo = @()
    $assetgroupinfo = @()
    $results = @()
    $vulnhost = @()
    $assetgroup = @()
    $businessunitinfo = @()

    # Each of these XML files is regenerated every night or at a set interval.
    $businessunitinfo = Import-Clixml -Path C:\POSH-Guard\_supporting_data\businessunitinfo.xml
    $assetgroupinfo = Import-Clixml -Path C:\POSH-Guard\_supporting_data\assetgroupinfo.xml

    # Hosts affected by the requested QID, plus the KnowledgeBase entry for that QID.
    $vulnerableHostInfo = Get-VulnerableHost -assetgroup 'All' -QID $QID -credential $credential
    $knowledgeBaseInfo = Get-KnowledgebaseInfo -QID $QID -credential $credential

    Write-Debug "Vulnerable Host Count is: $($vulnerableHostInfo.count)"

    foreach ($vulnhost in $vulnerableHostInfo)
    {
        Write-Host "VulnerableHost IP: $($vulnhost.ipaddress)"
        foreach ($assetgroup in $assetgroupinfo)
        {
            for ($a = 0;$a -lt ($vulnhost.assetgroup).count;$a++)
            {
                for ($b = 0;$b -lt ($assetgroup.assetgrouptitle).count;$b++)
                {
                    # -lt, not -le: index .count is out of range and returns $null,
                    # which would compare equal to an empty asset group user login.
                    for ($u = 0; $u -lt $($businessunitinfo.userlogin).count;$u++)
                    {
                        # The host belongs to this asset group ...
                        if ($vulnhost.assetgroup[$a] -eq $assetgroup[$b].assetgrouptitle)
                        {
                            # ... the asset group user is a known business unit user ...
                            if ($assetgroup[$b].userlogin -eq $businessunitinfo[$u].userlogin)
                            {
                                # ... and that user is the Unit Manager (PPOC).
                                if ($assetgroup[$b].userrole -eq 'Unit Manager')
                                {
                                    Write-Host "Vulnerable Host Asset Group: $($vulnhost.assetgroup[$a])"
                                    Write-Host "Asset Group User Login: $($assetgroup[$b].userlogin)"
                                    Write-Host "Asset Group User Role: $($assetgroup[$b].userrole)"

                                    $props = @{
                                        businessunitinfo = @{
                                            businessunit   = $businessunitinfo[$u].businessunit
                                            userlogin      = $businessunitinfo[$u].userlogin
                                            firstname      = $businessunitinfo[$u].firstname
                                            lastname       = $businessunitinfo[$u].lastname
                                            title          = $businessunitinfo[$u].title
                                            email          = $businessunitinfo[$u].email
                                            userrole       = $businessunitinfo[$u].userrole
                                            assetgroupinfo = @{
                                                userlogin       = $assetgroup[$b].userlogin
                                                userrole        = $assetgroup[$b].userrole
                                                assetgrouptitle = $assetgroup[$b].assetgrouptitle
                                                ip              = $assetgroup[$b].ip
                                                vulnerablehost  = @{
                                                    vulnhost = $vulnhost
                                                }
                                            }
                                        }
                                        QualysKBInfo     = $knowledgeBaseInfo
                                    }

                                    $temphostobject = New-Object -TypeName PSObject -Property $props
                                    $vulnhostobject += $temphostobject
                                }
                            }
                        }
                    }
                }
            }
        }
    }
    return $vulnhostobject
}
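
The host-to-Unit-Manager matching that the .DESCRIPTION lays out, as an added example that is not part of the original gist: it indexes the two lookups in hashtables instead of nesting loops, and warns about hosts that have no Unit Manager rather than dropping them silently. It assumes PowerShell 3.0 or later (for `[pscustomobject]`); all data is constructed, the logins, e-mail addresses and group names are hypothetical, and unlike the function above it emits one row per host and manager even when a host sits in several of that manager's asset groups.

```powershell
# Constructed sample data (not Qualys output); property names follow the function above.
$businessunitinfo = @(
    [pscustomobject]@{ businessunit = 'Finance';  userlogin = 'corp_jd1'; email = 'jd1@example.com' }
    [pscustomobject]@{ businessunit = 'Research'; userlogin = 'corp_as2'; email = 'as2@example.com' }
)
$assetgroupinfo = @(
    [pscustomobject]@{ assetgrouptitle = 'Finance Servers'; userlogin = 'corp_jd1'; userrole = 'Unit Manager' }
    [pscustomobject]@{ assetgrouptitle = 'Finance Servers'; userlogin = 'corp_rd3'; userrole = 'Reader' }
    [pscustomobject]@{ assetgrouptitle = 'Research Lab';    userlogin = 'corp_as2'; userrole = 'Unit Manager' }
)
$vulnerableHostInfo = @(
    [pscustomobject]@{ ipaddress = '192.0.2.10'; assetgroup = @('Finance Servers') }
    [pscustomobject]@{ ipaddress = '192.0.2.20'; assetgroup = @('Research Lab', 'Finance Servers') }
    [pscustomobject]@{ ipaddress = '192.0.2.30'; assetgroup = @('Unowned Lab') }
)

# Index business unit users by login (hashtable keys are case-insensitive by default).
$managerByLogin = @{}
foreach ($bu in $businessunitinfo) { $managerByLogin[$bu.userlogin] = $bu }

# Map each asset group title to the Unit Managers assigned to it.
$managersByGroup = @{}
foreach ($ag in $assetgroupinfo) {
    if ($ag.userrole -ne 'Unit Manager') { continue }
    if (-not $managerByLogin.ContainsKey($ag.userlogin)) { continue }
    if (-not $managersByGroup.ContainsKey($ag.assetgrouptitle)) {
        $managersByGroup[$ag.assetgrouptitle] = @()
    }
    $managersByGroup[$ag.assetgrouptitle] += $managerByLogin[$ag.userlogin]
}

# Resolve every vulnerable host to its managers; surface hosts nobody would be notified about.
$notifications = foreach ($vh in $vulnerableHostInfo) {
    $owners = @($vh.assetgroup | ForEach-Object { $managersByGroup[$_] } |
        Where-Object { $_ } | Sort-Object -Property userlogin -Unique)
    if ($owners.Count -eq 0) {
        Write-Warning "No Unit Manager found for $($vh.ipaddress); no notification would be sent."
        continue
    }
    foreach ($o in $owners) {
        [pscustomobject]@{ ipaddress = $vh.ipaddress; businessunit = $o.businessunit; email = $o.email }
    }
}
$notifications | Format-Table -AutoSize
```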