PowerShell Tips Series - Serverless Security Detection Based on Azure Functions

#Requires -Modules Az.Security, Az.Resources

function Invoke-SecurityScan {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$true)]
        [string]$ResourceGroup,

        [ValidateSet('Critical','High','Medium')]
        [string]$SeverityLevel = 'High'
    )

    $securityReport = [PSCustomObject]@{
        Timestamp        = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
        ScannedResources = @()
        SecurityFindings = @()
    }

    # Get Azure Security Center alerts at the requested severity.
    # The alert property names used below are those of the original post;
    # confirm them with Get-Member against your Az.Security version.
    $alerts = Get-AzSecurityAlert -ResourceGroupName $ResourceGroup |
        Where-Object { $_.Severity -eq $SeverityLevel }

    # Automated response workflow
    $alerts | ForEach-Object {
        $securityReport.ScannedResources += [PSCustomObject]@{
            ResourceID        = $_.ResourceId
            AlertType         = $_.AlertType
            CompromisedEntity = $_.CompromisedEntity
        }

        # Trigger the automated remediation action
        if ($_.AlertType -eq 'UnusualResourceDeployment') {
            # Remove-AzResource deletes the resource by ID; its output is
            # discarded so the function returns only the report object.
            Remove-AzResource -ResourceId $_.ResourceId -Force | Out-Null
            $securityReport.SecurityFindings += [PSCustomObject]@{
                Action     = 'DeletedSuspiciousResource'
                ResourceID = $_.ResourceId
                Timestamp  = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
            }
        }
    }

    # Generate the security posture report
    $securityReport | ConvertTo-Json -Depth 3 |
        Out-File -FilePath "$env:TEMP/AzureSecReport_$(Get-Date -Format yyyyMMdd).json"
    return $securityReport
}

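Core features

  1. Real-time retrieval of high-severity Azure Security Center alerts
  2. Automatic isolation mechanism for anomalous resource deployments
  3. Security posture report generation in JSON format
  4. Filtering of security events by multiple severity levels

Typical use cases

  • Real-time response to anomalous operations in cloud environments
  • Automated security baseline maintenance
  • Aggregation of security status across multi-cloud subscriptions
  • Automatic generation of compliance audit logs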
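
The automated deletion step of Invoke-SecurityScan with a gate in front of it, as an added example (not code from the original post): the hypothetical function Get-RemediationPlan decides per alert whether deletion is allowed, using an allowlist of alert types, a scope check on the resource ID, and ShouldProcess so that -WhatIf gives a dry run. The parameter names, the scope, the sample alerts and the 'SuspiciousLogin' type are constructed for illustration; the alert property names follow the post's code.

```powershell
function Get-RemediationPlan {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)]
        [object[]]$Alert,
        # Hypothetical allowlist: alert types that may trigger deletion
        [string[]]$DeletableAlertType = @('UnusualResourceDeployment'),
        # Hypothetical guard: only resources under this ARM scope are eligible
        [Parameter(Mandatory = $true)]
        [string]$AllowedScope
    )
    $prefix = $AllowedScope.TrimEnd('/') + '/'
    foreach ($a in $Alert) {
        $decision = 'ReportOnly'
        $reason   = 'Alert type is not on the remediation allowlist'
        if ($a.AlertType -in $DeletableAlertType) {
            if ([string]::IsNullOrWhiteSpace($a.ResourceId)) {
                $reason = 'Alert carries no resource ID'
            }
            elseif (-not $a.ResourceId.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)) {
                $reason = 'Resource is outside the allowed scope'
            }
            elseif ($PSCmdlet.ShouldProcess($a.ResourceId, 'Delete resource')) {
                # The real deletion call (e.g. Remove-AzResource) would go here
                $decision = 'Delete'
                $reason   = 'Approved'
            }
            else {
                $reason = 'Dry run (-WhatIf) or confirmation declined'
            }
        }
        [PSCustomObject]@{
            ResourceId = $a.ResourceId
            AlertType  = $a.AlertType
            Decision   = $decision
            Reason     = $reason
        }
    }
}

# Constructed sample alerts; the subscription ID and resource names are placeholders
$scope  = '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo'
$sample = @(
    [PSCustomObject]@{ AlertType = 'UnusualResourceDeployment'; ResourceId = "$scope/providers/Microsoft.Compute/virtualMachines/vm-a" }
    [PSCustomObject]@{ AlertType = 'UnusualResourceDeployment'; ResourceId = '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-other/providers/Microsoft.Storage/storageAccounts/stb' }
    [PSCustomObject]@{ AlertType = 'UnusualResourceDeployment'; ResourceId = $null }
    [PSCustomObject]@{ AlertType = 'SuspiciousLogin'; ResourceId = "$scope/providers/Microsoft.Web/sites/fn-c" }
)
Get-RemediationPlan -Alert $sample -AllowedScope $scope -WhatIf
```

Without -WhatIf, ConfirmImpact = 'High' prompts before each deletion, so an unattended Function has to pass -Confirm:$false explicitly, which keeps the decision to delete visible at the call site.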

PowerShell Tips Series - Zero-Trust Detection in Serverless Environments

#Requires -Modules Az.Accounts, Az.Functions

function Invoke-ServerlessHealthCheck {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$true)]
        [string]$ResourceGroup
    )

    # Get information about the function app runtime environment
    $context = Get-AzContext
    $functions = Get-AzFunctionApp -ResourceGroupName $ResourceGroup

    $report = [PSCustomObject]@{
        Timestamp        = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
        FunctionApps     = @()
        SecurityFindings = @()
    }

    # Check the TLS version configuration
    $functions | ForEach-Object {
        # minTlsVersion is read from the app settings hashtable, as in the
        # original post; a missing key yields $null.
        $config = Get-AzFunctionAppSetting -Name $_.Name -ResourceGroupName $ResourceGroup

        $appReport = [PSCustomObject]@{
            AppName        = $_.Name
            RuntimeVersion = $_.Config.NetFrameworkVersion
            HTTPSOnly      = $_.Config.HttpsOnly
            MinTLSVersion  = $config['minTlsVersion']
        }
        $report.FunctionApps += $appReport

        # Compare as [version] rather than as strings; a missing value is
        # treated as non-compliant.
        if (-not $appReport.MinTLSVersion -or
            [version]$appReport.MinTLSVersion -lt [version]'1.2') {
            $report.SecurityFindings += [PSCustomObject]@{
                Severity       = 'High'
                Description    = "函数应用 $($_.Name) 使用不安全的TLS版本: $($appReport.MinTLSVersion)"
                Recommendation = '在应用设置中将minTlsVersion更新为1.2'
            }
        }
    }

    # Generate the security report
    $report | Export-Clixml -Path "$env:TEMP/ServerlessSecurityReport_$(Get-Date -Format yyyyMMdd).xml"
    return $report
}

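Core features

  1. Automatic detection of the Azure Functions runtime environment
  2. TLS security configuration compliance check
  3. Security baseline validation under a zero-trust architecture
  4. Automated XML report generation

Typical use cases

  • Security audits of serverless architectures
  • Automated compliance checks for cloud environments
  • Implementing continuous security monitoring (CSM)
  • Security gate integration in DevOps pipelines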