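<#
.SYNOPSIS
Checks VMware host lockdown mode status and creates incidents for disabled hosts.

.DESCRIPTION
Recurring PSU schedule task, ~8am. Connects to the ITD vCenter, retrieves all
VMware hosts and reads their lockdown mode status. For hosts whose lockdown mode
is disabled a ServiceNow incident is created for review.

Only the first -MaxIncidents hosts (default 2, the cap the script has always
applied) get an incident per run, so a fleet-wide finding does not flood the
queue. When more hosts are affected a warning names the count of hosts that were
skipped. The script does not look for an existing open incident, so a host that
stays in the disabled state is reported again on every run, and hosts beyond the
cap are only reached once the earlier ones are fixed.

.PARAMETER MaxIncidents
Maximum number of incidents created in one run. Defaults to 2.

.EXAMPLE
.\VMware-LockdownTickets.ps1

.EXAMPLE
.\VMware-LockdownTickets.ps1 -MaxIncidents 5 -Verbose

.NOTES
Requires VMware PowerCLI and ITD ServiceNow modules. Service account credentials
must be available as $Secret:snow_vmcred (ServiceNow) and
$Secret:ndgov_svcitdvmvcro (vCenter).
#>
[CmdletBinding()]
param (
    # Per-run cap on incidents; keeps a fleet-wide misconfiguration from flooding the queue.
    [Parameter()]
    [ValidateRange(1, [int]::MaxValue)]
    [int]$MaxIncidents = 2
)

begin { }

process {
    # The ServiceNow session is opened before vCenter so ticketing is ready
    # before any host data is read (same order as before).
    New-ITDServiceNowSession -Credential $Secret:snow_vmcred -Environment Production
    Connect-ITDvCenter -Credential $Secret:ndgov_svcitdvmvcro

    # try/finally guarantees the vCenter session is closed even when a cmdlet
    # below throws; previously an exception left the connection open.
    try {
        # @() so .Count is valid for zero or one host.
        $AllVMHosts = @(Get-VMHost -ErrorAction Stop)
        if ($AllVMHosts.Count -eq 0) {
            Write-Warning -Message 'Get-VMHost returned no hosts; nothing to check.'
            return
        }

        $CurrentState = Get-ITDVMwareVMHostStatus -Name $AllVMHosts

        # 'lockdowndisabled' is the lockdownmode value reported for hosts with
        # lockdown off (presumably mirrors vSphere's HostLockdownMode enum —
        # confirm against Get-ITDVMwareVMHostStatus); -eq is case-insensitive.
        $LockdownDisabled = @($CurrentState | Where-Object -Property lockdownmode -EQ -Value lockdowndisabled)
        if ($LockdownDisabled.Count -eq 0) {
            Write-Verbose -Message 'Lockdown mode is enabled on all hosts; no incidents created.'
            return
        }

        if ($LockdownDisabled.Count -gt $MaxIncidents) {
            Write-Warning -Message ("Lockdown mode is disabled on {0} hosts; creating incidents for the first {1} only." -f $LockdownDisabled.Count, $MaxIncidents)
        }

        foreach ($VMHost in ($LockdownDisabled | Select-Object -First $MaxIncidents)) {
            Write-Verbose -Message "Start $($VMHost.Name) incident creation"

            $NewIncidentParams = @{
                CallerUsername   = 'svcvmwareadm'
                ShortDescription = ("Lockdown Mode is disabled on VMware host " + $VMHost.Name)
                Description      = ("Lockdown Mode is disabled on VMware host " + $VMHost.Name + ". Lockdown mode is a required for CIS hardening compliance 3.20 (L1)")
                Impact           = 3
                Urgency          = 1
                Category         = 'Cloud Platforms'
                Subcategory      = 'Virtualization'
                AssignmentGroup  = 'NDIT-Cloud Platforms'
            }

            # One failed ticket must not stop the remaining hosts from being
            # reported. Only terminating errors land here; whether
            # New-ITDServiceNowIncident throws or writes a non-terminating
            # error is not visible from this script.
            try {
                New-ITDServiceNowIncident @NewIncidentParams
            }
            catch {
                Write-Warning -Message "Incident creation failed for $($VMHost.Name): $_"
            }
        }
    }
    finally {
        Disconnect-ITDvCenter
    }
}

end { }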