【问题标题】:Extracting MBSA XML Data using Powershell使用 Powershell 提取 MBSA XML 数据
【发布时间】:2010-12-04 05:24:41
【问题描述】:

我正在尝试从 Microsoft Security Baseline Analyzer 2 结果中提取各种信息,并找到了这个脚本:http://fatbeards.blogspot.com/2009/01/powershell-mbsa-logs.html,但是我还需要一个关键更新的统计,而不仅仅是脚本当前所做的所有更新。

关键更新用 Severity="4" 表示,如下所示,但是到目前为止,我还没有设法得到一个计数。该列是在 Excel 中创建的,但未填充该字段。任何帮助将不胜感激。

下面是我正在处理的原始 XML 数据的 sn-p:

<SecScan ID="0" DisplayName="xxxx" Machine="xxxx" Date="2009-10-02 11:15:37" LDate="02/10/2009 11:15" Domain="DOMAIN" IP="192.168.34.24" Grade="2" HotfixDataVersion="" MbsaToolVersion="2.1.2104.0" IsWorkgroup="False" SUSServer="" HFFlags="20" SecurityUpdatesScanDone="True" WUSSource="Microsoft Update">

[ Text Truncated ]

<Check ID="500" Grade="5" Type="5" Cat="1" Rank="1" Name="SQL Server Security Updates" URL1="Help/Check5311.html" URL2="Help/Check5311fix.html" GroupID="0a4c6c73-8887-4d7f-9cbe-d08fa8fa9d1e" GroupName="SQL Server"><Advice>No security updates are missing.</Advice><Detail><UpdateData ID="MS06-061" GUID="07609d43-d518-4e77-856e-d1b316d1b8a8" BulletinID="MS06-061" KBID="925673" Type="1" IsInstalled="true" Severity="4" RestartRequired="false"><Title>MSXML 6.0 RTM Security Update  (925673)</Title><References><BulletinURL>http://www.microsoft.com/technet/security/bulletin/MS06-061.mspx</BulletinURL><InformationURL>http://support.microsoft.com/kb/925673</InformationURL><DownloadURL>http://www.download.windowsupdate.com/msdownload/update/v3-19990518/cabpool/msxml6-kb925673-enu-x86_571e99946aa6674ee6a70cf5801682ec323c7ae0.exe</DownloadURL></References><OtherIDs><OtherID Type="CVE">CVE-2006-4685</OtherID><OtherID Type="CVE">CVE-2006-4686</OtherID></OtherIDs></UpdateData>

[ Text Truncated ]

这是目前为止的代码。粗体字是我的补充。

$Path = "C:\mbsalog"
$files = get-Childitem $Path | where{$_.Extension -match "mbsa"}

# Get Excel ready
$Excel = New-Object -comobject Excel.Application
$Excel.visible = $True 
$Workbook = $Excel.Workbooks.Add()
$Info = $Workbook.Worksheets.Item(1)

# Create our column headers
$Info.Cells.Item(1,1) = "Server name"  
$Info.Cells.Item(1,2) = "SDK Components Security Updates"  
$Info.Cells.Item(1,3) = "SQL Server Security Updates"  
$Info.Cells.Item(1,4) = "Windows Security Updates"  
$Info.Cells.Item(1,5) = "BizTalk Server Security Updates"  
$Info.Cells.Item(1,6) = "Exchange Security Updates"  
$Info.Cells.Item(1,7) = "Office Security Updates"

$Info.Cells.Item(1,8) = "关键胜利更新"

# Add a little formatting
$Style = $Info.UsedRange
$Style.Interior.ColorIndex = 19
$Style.Font.ColorIndex = 11
$Style.Font.Bold = $True  

$intRow = 2

# iterate over each .mbsa file
foreach ($file in $files)
{
 [XML]$ScanResult = Get-Content $file
 $Scanned = $ScanResult.SecScan.Check | select Name, Advice

$CritUp = $ScanResult.SecScan.Check.UpdateData |选择严重性

 $Server = $ScanResult.SecScan.Machine
  foreach($Scan in $Scanned)
 {
  # if Advice doesn't start with a numeric value then set it equal to 0
  if( $Scan.Advice -match '^(?<Cnt>[0-9]*)'){$Advice=$matches.cnt} else{$Advice=0}

if( $Scan.CritUp -match "4"){$CritUp=$matches.cnt} else{$CritUp=0}

 $Style.Cells.Item($intRow, 1) = $Server

  switch ($Scan.Name) 
  {
SDK Components Security Updates{$Style.Cells.Item($intRow, 2) = $Advice;break}
SQL Server Security Updates {$Style.Cells.Item($intRow, 3) = $Advice;break}
Windows Security Updates {$Style.Cells.Item($intRow, 4) = $Advice;break}
BizTalk Server Security Updates{$Style.Cells.Item($intRow, 5) = $Advice;break}
Exchange Security Updates{$Style.Cells.Item($intRow, 6) = $Advice;break}
Office Security Updates  {$Style.Cells.Item($intRow, 7) = $Advice;break}

关键胜利更新 {$Style.Cells.Item($intRow, 8) = $CritUp;break} }

 }
 $intRow = $intRow + 1

}  

提前致谢。

【问题讨论】:

    标签: xml powershell


    【解决方案1】:

    关于这一行:

    $CritUp = $ScanResult.SecScan.Check.UpdateData | select Severity
    

    不是Detail节点下的Update数据即:

    $CritUp = $ScanResult.SecScan.Check.Detail.UpdateData | select Severity
    

    你脚本中的这个“if语句”有问题:

    if( $Scan.CritUp -match "4"){$CritUp=$matches.cnt} else{$CritUp=0}
    

    我不确定您是如何从 $CritUp 到 $Scan.CritUp。无论如何,由于您正在尝试计算严重性 4 项目的数量,我认为您这样做的方式不是最好的方法。在这种情况下,一点点 XPath 会大有帮助,例如:

    $XPathExpr = "/SecScan/Check/Detail/UpdateData[@Severity = '4']"
    $CritUp = ($ScanResult.SelectNodes($XPathExpr)).Count
    

    【讨论】:

    • 啊,是的,很好的定位。谢谢。不过,在正确计数方面仍然存在一些问题。怀疑我的“if”命令不正确。
    猜你喜欢
    • 1970-01-01
    • 1970-01-01
    • 2021-05-29
    • 2020-07-02
    • 2013-09-26
    • 1970-01-01
    • 2021-01-12
    • 2018-01-27
    • 2015-03-28
    相关资源
    最近更新 更多