
ASM Policy Report

Problem this snippet solves:

PowerShell script using F5 iControls that produces an email report of all ASM policies and what websites they protect. If a policy is enabled at the HTTP Class, it will be presented via a green table. Disabled policies will be presented via a red table.

Code :

# ==============================================================================================
# 
# COMMENT: used on our 1600 running v11 to email out a weekly report of websites protected by the ASM
#
# Created from Ps Config Archiving @https://devcentral.f5.com/s/wiki/iControl.PsConfigArchiving.ashx
# 
# ==============================================================================================
# Customize the following six variables
#
# $g_file is read by Get-LogonPwd and piped to ConvertTo-SecureString with no key,
# so it must contain an encrypted standard string (the output of ConvertFrom-SecureString).
# Without -Key/-SecureKey that format is protected by Windows DPAPI: it decrypts only for
# the Windows account that created it, on the machine where it was created. Create the
# file as the account that runs the report and restrict its ACL to that account.
$g_file = "C:\Folder\File.txt" # ref: http://technet.microsoft.com/en-us/magazine/ff714574.aspx
# BIG-IP account used for the iControl session. The script only calls get_* methods,
# so a read-only account should be enough -- confirm against the role model of your BIG-IP version.
$g_uid = "F5User" 
# Management host name of the BIG-IP that the iControl session connects to.
$g_bigip = "F5.domain.com" 

# Report recipient.
$g_email_to = "recipient@domain.com" 
# NOTE(review): the trailing space suggests a sender address in angle brackets was lost
# when this listing was published -- Send-MailMessage needs a valid address in -From; confirm.
$g_email_from = "ASM Policy Report "
# SMTP relay handed to Send-MailMessage.
$g_email_smtp = "smtp.domain.com"

# Makes a reference to a variable that was never assigned an error instead of a silent $null.
Set-PSDebug -strict;

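Function Get-ASMPolicyList(){
    # Purpose: list the ASM web applications that live under /Common.
    # Returns: the names with the "/Common/" prefix removed, sorted.
    #
    # The previous filter, Select-String "/Common/*", treated the glob as a regular
    # expression ("/Common" followed by zero or more slashes, anywhere in the name).
    # That also matched names in other partitions that merely contain "/Common", and
    # Substring(8) then cut the wrong characters or threw on a name shorter than the
    # prefix. Only names that really start with the prefix are kept now; the match
    # stays case-insensitive, as Select-String was.
    $Prefix = "/Common/"
    $ASMPolicyList = (Get-F5.iControl).ASMWebApplication.get_list() |
        Where-Object {
            $Name = [string]$_
            # Require at least one character after the prefix so no empty name is produced.
            $Name.StartsWith($Prefix, [System.StringComparison]::OrdinalIgnoreCase) -and ($Name.Length -gt $Prefix.Length)
        } |
        ForEach-Object { ([string]$_).Substring($Prefix.Length) } |
        Sort-Object
    Return $ASMPolicyList
} # End Get-ASMPolicyList Function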

Function Get-LogonPwd(){
    # Purpose: recover the BIG-IP password from the encrypted file named by $g_file.
    # Globals: $g_file (read), $g_uid (read).
    # Returns: the password as a plain-text string.
    #
    # The return value is the clear-text secret. Keep it out of logs, transcripts
    # and error messages, and hold it no longer than the login call needs it.
    $SecurePwd = Get-Content -Path $g_file | ConvertTo-SecureString
    # A PSCredential is built only to unwrap the SecureString into plain text.
    $Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $g_uid, $SecurePwd
    Return $Credential.GetNetworkCredential().Password
} # End Get-LogonPwd Function

function Get-PolicyState($PolicyName){
    # Purpose: ask the BIG-IP whether an ASM web application is enabled.
    # Arguments: $PolicyName - name without partition; "/Common/" is prepended here.
    # Returns: whatever ASMWebApplication.get_enabled_state() returns for that name.
    $AsmApi = (Get-F5.iControl).ASMWebApplication
    Return $AsmApi.get_enabled_state("/Common/$PolicyName")
}  # End Get-PolicyState Function

Function Do-Initialize($pwd){
    # Purpose: load the iControl snap-in if needed and open the iControl session.
    # Globals: $g_bigip (read), $g_uid (read).
    # Arguments: $pwd - BIG-IP password in plain text.
    # Returns: the result of Initialize-F5.iControl.
    #
    # NOTE(review): the parameter name is the same as the automatic variable $PWD
    # (current location). Inside this function it holds the password; the name is
    # kept because callers bind it as -pwd.
    $LoadedSnapIn = Get-PSSnapin | Where-Object { $_.Name -eq "iControlSnapIn" }
    if ( $null -eq $LoadedSnapIn ){
        Add-PSSnapIn iControlSnapIn
    }
    # The password goes to the cmdlet as a plain string argument, so it would show up
    # in any command tracing or transcript that records arguments.
    return (Initialize-F5.iControl -HostName $g_bigip -Username $g_uid -Password $pwd)
} # End Do-Initialize Function

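Function Get-PolicyPatterns($PolicyName){
    # Purpose: fetch the host match patterns of the HTTP Class profile named $PolicyName.
    # Arguments: $PolicyName - HTTP Class profile name as passed to get_host_match_pattern().
    # Returns: the patterns as one whitespace-separated string, trimmed; "" when the
    #          BIG-IP returns nothing or the call fails.
    #
    # get_host_match_pattern() can throw (the comment under this listing reports
    # Common::NotImplemented, presumably from a BIG-IP without HTTP Class profiles).
    # $PolicyPatterns was then never assigned and .Trim() failed on a null value.
    # The failure is now reported on the warning stream and an empty string returned,
    # so the report still shows the policy and its state.
    $PolicyPatterns = $null
    try {
        $PolicyPatterns = (Get-F5.iControl).LocalLBProfileHttpClass.get_host_match_pattern($PolicyName) |
            ForEach-Object { $_.values } |
            Format-Table Pattern -HideTableHeaders |
            Out-String
    } catch {
        Write-Warning "Get-PolicyPatterns: no host match patterns for '$PolicyName': $($_.Exception.Message)"
    }
    if ([string]::IsNullOrEmpty($PolicyPatterns)) {
        Return ""
    }
    Return $PolicyPatterns.Trim()
} # End Get-PolicyPatterns Function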

Function Get-EmailSendFunc($SUBJECT,$BODY){
    # Purpose: send the report through the configured SMTP relay.
    # Globals: $g_email_smtp, $g_email_to, $g_email_from (read).
    # Arguments: $SUBJECT - mail subject; $BODY - mail body, sent as HTML.
    #
    # The body is sent as HTML, so any value a caller places in it is rendered
    # as markup unless the caller encodes it first.
    # No -UseSsl or -Credential is passed: as written, the message is handed to the
    # relay without TLS or authentication.
    $MailArgs = @{
        SmtpServer = $g_email_smtp
        To         = $g_email_to
        From       = $g_email_from
        Subject    = $SUBJECT
        Body       = $BODY
        BodyAsHtml = $true
    }
    Send-MailMessage @MailArgs
} # End Get-EmailSendFunc Function

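Function Get-TableFormat($heading,$contents,$state){
    # Purpose: render one policy as an HTML table for the report mail.
    # Arguments: $heading  - policy name, shown as the table header.
    #            $contents - host match patterns as one whitespace-separated string.
    #            $state    - enabled state of the policy; $true gives a green table,
    #                        anything else a red one.
    # Returns: the HTML for the table as a string.
    #
    # The published listing lost its HTML markup, leaving both branches with the same
    # plain text. The markup below is a reconstruction that follows the description on
    # the page (green = enabled, red = disabled); adjust the styling as needed.
    #
    # Policy names and patterns come from the BIG-IP configuration and go into an HTML
    # mail, so both are escaped and cannot inject markup into the report.
    $contentsHTML = ""
    if($contents.length -gt 1){
        # Split on any whitespace run: the pattern list arrives as Format-Table output,
        # where entries are separated by newlines as well as padding spaces.
        $items = $contents -split '\s+' | Where-Object { $_ -ne "" }
        foreach($item in $items){
            $contentsHTML += "<tr><td>" + [System.Security.SecurityElement]::Escape($item) + "</td></tr>"
        }
    }
    if($state -eq $true){
        $color = "green"
    } else {
        $color = "red"
    }
    $safeHeading = [System.Security.SecurityElement]::Escape([string]$heading)
    [string]$TableFormatReturn = "<table style='border:2px solid $color;margin-bottom:10px'><tr><th style='background-color:$color;color:white'>$safeHeading</th></tr>$contentsHTML</table>"
    Return $TableFormatReturn
} # End Get-TableFormat Function

#-------------------------------------------------------------------------
# Main Application Logic
#-------------------------------------------------------------------------
# In the published listing this section was collapsed onto the line of a "#" comment,
# which turned it into a comment; it is restored to one statement per line here.
$g_pwd = Get-LogonPwd
$Connected = Do-Initialize -pwd $g_pwd
# Drop the reference to the plain-text password once the session exists. The string
# itself stays in memory until it is garbage-collected.
$g_pwd = $null

if($Connected){
    [string]$MainBody = ""
    $MainBodyFooter = "<p>Red indicates disabled policies while green indicates enabled policies.</p>"

    $MainASMPolicyList = Get-ASMPolicyList
    foreach($MainASMPolicy in $MainASMPolicyList){
        $MainPolicyState = Get-PolicyState -PolicyName $MainASMPolicy
        $MainPolicyPattern = Get-PolicyPatterns -PolicyName $MainASMPolicy
        $MainPolicyPatternHTML = Get-TableFormat -heading $MainASMPolicy -contents $MainPolicyPattern -state $MainPolicyState
        $MainBody = $MainBody + $MainPolicyPatternHTML
    }

    $MainBody += $MainBodyFooter
    $emailDate = (Get-Date).ToString("MMMM dd")
    Get-EmailSendFunc -SUBJECT "ASM Policy Report - $emailDate" -BODY $MainBody
} else {
    # The failure path called Get-EmailFunc, which is not defined anywhere in this
    # script, so a failed login never produced the alert mail.
    Get-EmailSendFunc -SUBJECT "FAILED: Do-Initialize" -BODY "ASM Policy Report"
}
Exit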
Published Mar 07, 2015
Version 1.0

1 Comment

  • Hi, I am getting the following:

    Exception calling "get_host_match_pattern" with "1" argument(s): "Exception 
    caught in 
    LocalLB::urn:iControl:LocalLB/ProfileHttpClass::get_host_match_pattern()
    Common::NotImplemented
    "
    At C:\VM_shared\BIGIP\bigreport\4.2.1\asm_report.ps1:47 char:5
    +     $PolicyPatterns = 
    (Get-F5.iControl).LocalLBProfileHttpClass.get_host_match_p ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : SoapHeaderException
    
    You cannot call a method on a null-valued expression.
    At C:\VM_shared\BIGIP\bigreport\4.2.1\asm_report.ps1:48 char:12
    +     Return $PolicyPatterns.trim()
    +            ~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull
    

    Any Ideas?