【发布时间】:2010-12-04 05:24:41
【问题描述】:
我正在尝试从 Microsoft Security Baseline Analyzer 2 结果中提取各种信息,并找到了这个脚本:http://fatbeards.blogspot.com/2009/01/powershell-mbsa-logs.html,但是我还需要一个关键更新的统计,而不仅仅是脚本当前所做的所有更新。
关键更新用 Severity="4" 表示,如下所示,但是到目前为止,我还没有设法得到一个计数。该列是在 Excel 中创建的,但未填充该字段。任何帮助将不胜感激。
下面是我正在处理的原始 XML 数据的 sn-p:
<SecScan ID="0" DisplayName="xxxx" Machine="xxxx" Date="2009-10-02 11:15:37" LDate="02/10/2009 11:15" Domain="DOMAIN" IP="192.168.34.24" Grade="2" HotfixDataVersion="" MbsaToolVersion="2.1.2104.0" IsWorkgroup="False" SUSServer="" HFFlags="20" SecurityUpdatesScanDone="True" WUSSource="Microsoft Update">
[ Text Truncated ]
<Check ID="500" Grade="5" Type="5" Cat="1" Rank="1" Name="SQL Server Security Updates" URL1="Help/Check5311.html" URL2="Help/Check5311fix.html" GroupID="0a4c6c73-8887-4d7f-9cbe-d08fa8fa9d1e" GroupName="SQL Server"><Advice>No security updates are missing.</Advice><Detail><UpdateData ID="MS06-061" GUID="07609d43-d518-4e77-856e-d1b316d1b8a8" BulletinID="MS06-061" KBID="925673" Type="1" IsInstalled="true" Severity="4" RestartRequired="false"><Title>MSXML 6.0 RTM Security Update (925673)</Title><References><BulletinURL>http://www.microsoft.com/technet/security/bulletin/MS06-061.mspx</BulletinURL><InformationURL>http://support.microsoft.com/kb/925673</InformationURL><DownloadURL>http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/msxml6-kb925673-enu-x86_571e99946aa6674ee6a70cf5801682ec323c7ae0.exe</DownloadURL></References><OtherIDs><OtherID Type="CVE">CVE-2006-4685</OtherID><OtherID Type="CVE">CVE-2006-4686</OtherID></OtherIDs></UpdateData>
[ Text Truncated ]
这是目前为止的代码。粗体字是我的补充。
$Path = "C:\mbsalog"
$files = get-Childitem $Path | where{$_.Extension -match "mbsa"}
# Get Excel ready
$Excel = New-Object -comobject Excel.Application
$Excel.visible = $True
$Workbook = $Excel.Workbooks.Add()
$Info = $Workbook.Worksheets.Item(1)
# Create our column headers
$Info.Cells.Item(1,1) = "Server name"
$Info.Cells.Item(1,2) = "SDK Components Security Updates"
$Info.Cells.Item(1,3) = "SQL Server Security Updates"
$Info.Cells.Item(1,4) = "Windows Security Updates"
$Info.Cells.Item(1,5) = "BizTalk Server Security Updates"
$Info.Cells.Item(1,6) = "Exchange Security Updates"
$Info.Cells.Item(1,7) = "Office Security Updates"
$Info.Cells.Item(1,8) = "关键胜利更新"
# Add a little formatting
$Style = $Info.UsedRange
$Style.Interior.ColorIndex = 19
$Style.Font.ColorIndex = 11
$Style.Font.Bold = $True
$intRow = 2
# iterate over each .mbsa file
foreach ($file in $files)
{
[XML]$ScanResult = Get-Content $file
$Scanned = $ScanResult.SecScan.Check | select Name, Advice
$CritUp = $ScanResult.SecScan.Check.UpdateData |选择严重性
$Server = $ScanResult.SecScan.Machine
foreach($Scan in $Scanned)
{
# if Advice doesn't start with a numeric value then set it equal to 0
if( $Scan.Advice -match '^(?<Cnt>[0-9]*)'){$Advice=$matches.cnt} else{$Advice=0}
if( $Scan.CritUp -match "4"){$CritUp=$matches.cnt} else{$CritUp=0}
$Style.Cells.Item($intRow, 1) = $Server
switch ($Scan.Name)
{
SDK Components Security Updates{$Style.Cells.Item($intRow, 2) = $Advice;break}
SQL Server Security Updates {$Style.Cells.Item($intRow, 3) = $Advice;break}
Windows Security Updates {$Style.Cells.Item($intRow, 4) = $Advice;break}
BizTalk Server Security Updates{$Style.Cells.Item($intRow, 5) = $Advice;break}
Exchange Security Updates{$Style.Cells.Item($intRow, 6) = $Advice;break}
Office Security Updates {$Style.Cells.Item($intRow, 7) = $Advice;break}
关键胜利更新 {$Style.Cells.Item($intRow, 8) = $CritUp;break} }
}
$intRow = $intRow + 1
}
提前致谢。
【问题讨论】:
标签: xml powershell