我正在尝试从Microsoft Security Baseline Analyzer 2结果中提取各种信息,并帮助找到了这个脚本:http://fatbeards.blogspot.com/2009/01/powershell-mbsa-logs.html,但是我还需要一些CRITICAL更新,而不仅仅是脚本当前所做的所有更新。
关键更新用Severity =“4”表示,如下所示,但到目前为止,我还没有设法从中获得计数。该列在Excel中创建,但该字段未填充。任何帮助将不胜感激。
下面是我正在处理的原始XML数据的片段:
<SecScan ID="0" DisplayName="xxxx" Machine="xxxx" Date="2009-10-02 11:15:37" LDate="02/10/2009 11:15" Domain="DOMAIN" IP="192.168.34.24" Grade="2" HotfixDataVersion="" MbsaToolVersion="2.1.2104.0" IsWorkgroup="False" SUSServer="" HFFlags="20" SecurityUpdatesScanDone="True" WUSSource="Microsoft Update">
[ Text Truncated ]
<Check ID="500" Grade="5" Type="5" Cat="1" Rank="1" Name="SQL Server Security Updates" URL1="Help/Check5311.html" URL2="Help/Check5311fix.html" GroupID="0a4c6c73-8887-4d7f-9cbe-d08fa8fa9d1e" GroupName="SQL Server"><Advice>No security updates are missing.</Advice><Detail><UpdateData ID="MS06-061" GUID="07609d43-d518-4e77-856e-d1b316d1b8a8" BulletinID="MS06-061" KBID="925673" Type="1" IsInstalled="true" Severity="4" RestartRequired="false"><Title>MSXML 6.0 RTM Security Update (925673)</Title><References><BulletinURL>http://www.microsoft.com/technet/security/bulletin/MS06-061.mspx</BulletinURL><InformationURL>http://support.microsoft.com/kb/925673</InformationURL><DownloadURL>http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/msxml6-kb925673-enu-x86_571e99946aa6674ee6a70cf5801682ec323c7ae0.exe</DownloadURL></References><OtherIDs><OtherID Type="CVE">CVE-2006-4685</OtherID><OtherID Type="CVE">CVE-2006-4686</OtherID></OtherIDs></UpdateData>
[ Text Truncated ]
这是迄今为止的代码。大胆的文字是我的补充。
$Path = "C:\mbsalog"
$files = get-Childitem $Path | where{$_.Extension -match "mbsa"}
# Get Excel ready
$Excel = New-Object -comobject Excel.Application
$Excel.visible = $True
$Workbook = $Excel.Workbooks.Add()
$Info = $Workbook.Worksheets.Item(1)
# Create our column headers
$Info.Cells.Item(1,1) = "Server name"
$Info.Cells.Item(1,2) = "SDK Components Security Updates"
$Info.Cells.Item(1,3) = "SQL Server Security Updates"
$Info.Cells.Item(1,4) = "Windows Security Updates"
$Info.Cells.Item(1,5) = "BizTalk Server Security Updates"
$Info.Cells.Item(1,6) = "Exchange Security Updates"
$Info.Cells.Item(1,7) = "Office Security Updates"
$ Info.Cells.Item(1,8)=“关键赢取更新”
# Add a little formatting
$Style = $Info.UsedRange
$Style.Interior.ColorIndex = 19
$Style.Font.ColorIndex = 11
$Style.Font.Bold = $True
$intRow = 2
# iterate over each .mbsa file
foreach ($file in $files)
{
[XML]$ScanResult = Get-Content $file
$Scanned = $ScanResult.SecScan.Check | select Name, Advice
$ CritUp = $ ScanResult.SecScan.Check.UpdateData |选择严重性
$Server = $ScanResult.SecScan.Machine
foreach($Scan in $Scanned)
{
# if Advice doesn't start with a numeric value then set it equal to 0
if( $Scan.Advice -match '^(?<Cnt>[0-9]*)'){$Advice=$matches.cnt} else{$Advice=0}
if($ Scan.CritUp -match“4”){$ CritUp = $ matches.cnt} else {$ CritUp = 0}
$Style.Cells.Item($intRow, 1) = $Server
switch ($Scan.Name)
{
SDK Components Security Updates{$Style.Cells.Item($intRow, 2) = $Advice;break}
SQL Server Security Updates {$Style.Cells.Item($intRow, 3) = $Advice;break}
Windows Security Updates {$Style.Cells.Item($intRow, 4) = $Advice;break}
BizTalk Server Security Updates{$Style.Cells.Item($intRow, 5) = $Advice;break}
Exchange Security Updates{$Style.Cells.Item($intRow, 6) = $Advice;break}
Office Security Updates {$Style.Cells.Item($intRow, 7) = $Advice;break}
关键赢取更新{$ Style.Cells.Item($ intRow,8)= $ CritUp; break} }
}
$intRow = $intRow + 1
}
提前致谢。
答案 0 :(得分:0)
关于这一行:
$CritUp = $ScanResult.SecScan.Check.UpdateData | select Severity
不是详细信息节点下的更新数据,即:。
$CritUp = $ScanResult.SecScan.Check.Detail.UpdateData | select Severity
脚本中的“if语句”存在问题:
if( $Scan.CritUp -match "4"){$CritUp=$matches.cnt} else{$CritUp=0}
我不确定你是如何从$ CritUp到$ Scan.CritUp的。无论如何,既然你试图计算严重性4项的数量,我不认为你这样做是最好的方法。在这种情况下,一点点XPath会有很长的路要走,例如:
$XPathExpr = "/SecScan/Check/Detail/UpdateData[@Severity = '4']"
$CritUp = ($ScanResult.SelectNodes($XPathExpr)).Count