Created
May 30, 2018 13:02
-
-
Save colindembovsky/e4f5d67ab807914cad5af1e5752e00de to your computer and use it in GitHub Desktop.
Get VSTS Access events that are not from a white-list of IPs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| param( | |
| [Parameter(Mandatory=$true, HelpMessage="Name of the VSTS account e.g. FabrikamFiber")] | |
| $VSTSAccount, | |
| [Parameter(Mandatory=$true, HelpMessage="Personal Access Token")] | |
| $PAT, | |
| [Parameter(Mandatory=$true, HelpMessage="Date range start in format yyyy-MM-dd e.g. 2018-05-01. Data is only available for the last 28 days.")] | |
| $StartDate, | |
| [Parameter(Mandatory=$true, HelpMessage="Date range end in format yyyy-MM-dd e.g. 2018-05-30")] | |
| $EndDate, | |
| [Parameter(HelpMessage="List of white-list IPs. Any access from access not in this list is considered an exception.")] | |
| $AllowedIPs = @("192.168.1.1") | |
| ) | |
| # the url of the API to hit | |
| $url = "https://{0}.visualstudio.com/_apis/Utilization/UsageSummary?queryCriteria%5BuserId%5D=&queryCriteria%5BstartTime%5D={1}&queryCriteria%5BendTime%5D={2}&queryCriteria%5BtimeBucket%5D=00%3A05%3A00&queryCriteria%5Bkeywords%5D=&queryCriteria%5Bstatus%5D=0&queryCriteria%5BtSTUFloor%5D=0&queryCriteria%5Bcolumns%5D%5B%5D=1&queryCriteria%5Bcolumns%5D%5B%5D=2&queryCriteria%5Bcolumns%5D%5B%5D=3&queryCriteria%5Bcolumns%5D%5B%5D=5&queryCriteria%5Bcolumns%5D%5B%5D=6&queryCriteria%5Bcolumns%5D%5B%5D=7&queryCriteria%5Bcolumns%5D%5B%5D=8&queryCriteria%5BrecordLimit%5D=5000&api-version=4.0-preview.2" -f $VSTSAccount, $StartDate, $EndDate | |
| # create a header using a PAT | |
| $basicAuthHeader = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("anything:{0}" -f $PAT))) | |
| $headers = @{Authorization=("Basic {0}" -f $basicAuthHeader)} | |
| # invoke a REST call using the header | |
| Write-Host "Getting audit events" -ForegroundColor Yellow | |
| $result = Invoke-RestMethod -Method Get -Uri $url -Headers $headers | |
| Write-Host "Received $($result.count) records" -ForegroundColor Cyan | |
| $exceptionRecords = $result.value | Where-Object { $allowedIPs -notcontains $_.ipAddress } | |
| if ($exceptionRecords.count -gt 0) { | |
| $file = "VSTS-AccessExceptionReport-{0}.csv" -f (Get-Date -Format "yyyy-MM-dd-HH-mm-ss") | |
| Write-Host "Found $($exceptionRecords.count) exceptions: dumping to $($PWD)\$file" -ForegroundColor Red | |
| $exceptionRecords | Export-Csv -Path $file -NoTypeInformation | |
| } else { | |
| Write-Host "No exceptions!" -ForegroundColor Green | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment