Add alert for recent phishing check extension alerts

[Copilot]

• Explore existing alert patterns and phishing check infrastructure
• Create Get-CIPPAlertCheckExtensionAlerts.ps1 following CIPP alert conventions
  • Accept TenantFilter and InputValue (time interval in hours) parameters
  • Query CheckExtensionAlerts table for recent alerts
  • Filter alerts by timestamp based on interval
  • Combine all alerts for the tenant into a single alert
  • Use System.Collections.Generic.List for performance
  • Call Write-AlertTrace with combined data
• Test the new alert function
• Validate code follows PowerShell best practices
• Replace Write-Host with Write-LogMessage for proper logging
• Optimize table query with timestamp filter in OData query

Original prompt

look at this enpoint that currently lists "check" alerts Modules/CIPPCore/Public/Entrypoints/Invoke-ListCheckExtAlerts.ps1
those are written to the table when requests come to Modules/CIPPCore/Public/Entrypoints/Invoke-PublicPhishingCheck.ps1
can you please create an alert endpoint that alerts on recent alerts for X interval, this interval will be based on a variable passed to the alert from the alert ascheuler which we will create. pelase make surte to not use ++ and use system collections. all alerts for the specified tenant are to be combined into one alert and retuned at one rather then individual alerts. like how the full/close to full email/onedrive alerts are structured.

Custom agent used: CIPP Alert Engineer
Implements and maintains CIPP tenant alerts in PowerShell using existing CIPP patterns, without touching API specs, avoiding CodeQL, and using Test-CIPPStandardLicense for license/SKU checks.

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[Zacgoose]

@copilot we should not write host, there are logging system in place, check hwo they are called in other scripts, also are we able to filter on the table call for the interval rather than just on the response from the table, that should help with performance if its supported?

[Copilot]

@copilot we should not write host, there are logging system in place, check hwo they are called in other scripts, also are we able to filter on the table call for the interval rather than just on the ...

Updated in commit d7f3272:

• Replaced Write-Host with Write-LogMessage for proper error logging
• Optimized table query by adding timestamp filter directly to the OData query (Timestamp ge datetime'...'). This filters at the database level instead of fetching all records and filtering in PowerShell, improving performance significantly.