This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
param workspaceName string | |
param logRetentionDays int = 90 | |
param tableNames array = [ | |
'ASimNetworkSessionLogs' | |
'ASimAuthenticationEventLogs' | |
'ASimWebSessionLogs' | |
'ASimAuditEventLogs' | |
'ASimDhcpEventLogs' | |
'ASimDnsActivityLogs' | |
'ASimFileEventLogs' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using namespace Microsoft.Azure.PowerShell.Cmdlets.Monitor.DataCollection.Models | |
using namespace System.Management.Automation | |
function New-JAzDataCollectionRule { | |
<# | |
.SYNOPSIS | |
Create a new Data Collection Rule in Azure Monitor. Uses 2023 API for direct DCRs | |
.NOTES | |
The MS Documentation on this sucks but the reference has a good example which is how I figured it out: https://learn.microsoft.com/en-us/rest/api/monitor/data-collection-rules/create?view=rest-monitor-2023-03-11&tabs=HTTP#create-or-update-data-collection-rule-with-embedded-ingestion-endpoints | |
#> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<# | |
.SYNOPSIS | |
Generates a GUID from a given string value using MD5 hashing. | |
.PARAMETER Value | |
The string value to generate a GUID from. | |
.EXAMPLE | |
Get-Guid -Value "example string" | |
Returns a GUID generated from the string "example string". |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?xml version="1.0"?> | |
<SiPolicy xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:schemas-microsoft-com:sipolicy"> | |
<VersionEx>10.0.0.0</VersionEx> | |
<PolicyTypeID>{4E61C68C-97F6-430B-9CD7-9B1004706770}</PolicyTypeID> | |
<PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID> | |
<Rules> | |
<Rule> | |
<Option>Enabled:UMCI</Option> | |
</Rule> | |
<Rule> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add-Type -TypeDefinition @' | |
using System; | |
using System.Runtime.InteropServices; | |
using System.Security.Cryptography.X509Certificates; | |
public enum DSREG_JOIN_TYPE { | |
DSREG_UNKNOWN_JOIN = 0, | |
DSREG_DEVICE_JOIN = 1, | |
DSREG_WORKPLACE_JOIN = 2 | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"background": "#F9F9F9", | |
"black": "#AB3D2C", | |
"blue": "#275FE4", | |
"brightBlack": "#C21458", | |
"brightBlue": "#0099E1", | |
"brightCyan": "#7B86BB", | |
"brightGreen": "#3D942E", | |
"brightPurple": "#CE33C0", | |
"brightRed": "#FF0308", |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
### Original script and research by commial | |
### https://github.com/commial/experiments/tree/master/windows-defender | |
### Set LUADec_Path to binary | |
### https://github.com/viruscamp/luadec | |
import struct | |
import argparse | |
import sys | |
import os | |
import io | |
import subprocess |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function Get-RdpLogonEvent | |
{ | |
[CmdletBinding()] | |
param( | |
[Int32] $Last = 10 | |
) | |
$RdpInteractiveLogons = Get-WinEvent -FilterHashtable @{ | |
LogName='Security' | |
ProviderName='Microsoft-Windows-Security-Auditing' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Event | |
| where EventID == "4104" | |
| extend ParsedEvent = parse_xml(strcat("<root>", ParameterXml, "</root>")) | |
| extend MessageNumber = tolong(ParsedEvent.root.Param[0]) | |
| extend MessageTotal = tolong(ParsedEvent.root.Param[1]) | |
| extend ScriptBlockElement = iff( | |
strlen(tostring(ParsedEvent.root.Param[2]["#text"])) > 0, | |
ParsedEvent.root.Param[2]["#text"], | |
ParsedEvent.root.Param[2]) | |
| extend ScriptBlockId = tostring(ParsedEvent.root.Param[3]) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: github pages | |
on: | |
push: | |
branches: | |
- blog # Set a branch to deploy | |
pull_request: | |
jobs: | |
deploy: |
NewerOlder