I hereby claim:
- I am jpbruckler on github.
- I am jpbruckler (https://keybase.io/jpbruckler) on keybase.
- I have a public key ASBcpZU7vHeomBfcY2QhF5jMkYdFsNh9M3L0ckL1m4d0UAo
To claim this, I am signing this object:
<# | |
.SYNOPSIS
Assigns Data Collection Rules to Azure VMs and Azure Arc servers.
.DESCRIPTION
This script connects to Azure, retrieves all Windows Azure VMs and Azure Arc
servers from specified subscriptions, and applies Data Collection Rules to
them. It is intended to streamline the setup of monitoring across both Azure
VM and Azure Arc environments by automating the association of DCRs.
format = """ | |
$os\ | |
$username\ | |
$c\ | |
$dotnet\ | |
$elixir\ | |
$erlang\ | |
$java\ | |
$kotlin\ | |
$lua\ |
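# Install WinGet
# Based on this gist: https://gist.github.com/crutkas/6c2096eae387e544bd05cde246f23901

# Look for an existing winget on PATH; the result is $null when it is absent.
$hasPackageManager = Get-Command winget -ErrorAction SilentlyContinue

# Installed version, or 0.0.0 when winget is absent or its output cannot be parsed.
# Only the leading dotted-numeric part is kept, so a suffixed build string such as
# 'v1.2.3-preview' (constructed example) does not make the [version] cast throw.
[version]$version = if ($hasPackageManager -and
    ("$(winget --version)" -match '(\d+(\.\d+){1,3})')) {
    $Matches[1]
}
else {
    '0.0.0'
}

# GitHub API endpoint that describes the latest winget-cli release.
# NOTE(review): the code that downloads and installs from this release is not
# visible here; confirm it verifies the package's signature or hash before
# installing, since the asset is fetched over the network at run time.
$releasesUrl = 'https://api.github.com/repos/microsoft/winget-cli/releases/latest'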
function New-DcrXPathFilter { | |
<# | |
.SYNOPSIS | |
Generates an XPath filter based on specified Event IDs and a log name. | |
.DESCRIPTION | |
The New-DcrXPathFilter function takes an array of Event IDs, a log name, | |
and an optional operator to create an XPath filter. This filter can be | |
used to query specific events from the Windows Event Log. |
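Write-Host ("Starting PowerShell Universal upgrade...")

# Default location of the PowerShell Universal settings file under %ProgramData%.
$PSUSettingsPath = (Join-Path -Path $env:ProgramData -ChildPath '\PowerShellUniversal\appsettings.json')
if (-not (Test-Path -LiteralPath $PSUSettingsPath -PathType Leaf)) {
    # Fall back to asking the operator where the settings file lives.
    $PSUSettingsPath = Read-Host ('Unable to find appsettings at {0}. Enter path to appsettings.json' -f $PSUSettingsPath)
}

# The operator-supplied path is validated too: without this check a typo would
# leave $PSUSettings empty and the script would still go on to ask for the
# service-account credential.
if ([string]::IsNullOrWhiteSpace($PSUSettingsPath) -or
    -not (Test-Path -LiteralPath $PSUSettingsPath -PathType Leaf)) {
    throw ('appsettings.json not found at "{0}"; aborting upgrade.' -f $PSUSettingsPath)
}

# -ErrorAction Stop turns a read failure into a terminating error instead of a
# silent $null. ConvertFrom-Json -Depth needs PowerShell 6.2 or later.
$PSUSettings = Get-Content -LiteralPath $PSUSettingsPath -Raw -ErrorAction Stop | ConvertFrom-Json -Depth 10

# Service-account credential, prompted for interactively and kept as a
# PSCredential. How it is used is outside this excerpt; avoid writing it to
# logs or transcripts.
$cred = Get-Credential -Message 'Enter credential for PowerShell Universal Service Account'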
function Get-AttackSurfaceReductionConfig | |
{ | |
$guidLookup = @{ | |
"56a863a9-875e-4185-98a7-b882c64b5ce5" = "Block abuse of exploited vulnerable signed drivers" | |
"7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c" = "Block Adobe Reader from creating child processes" | |
"d4f940ab-401b-4efc-aadc-ad5f3c50688a" = "Block all Office applications from creating child processes" | |
"9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2" = "Block credential stealing from the Windows local security authority subsystem (lsass.exe)" | |
"be9ba2d9-53ea-4cdc-84e5-9b1eeee46550" = "Block executable content from email client and webmail" | |
"01443614-cd74-433a-b99e-2ecdc07bfc25" = "Block executable files from running unless they meet a prevalence, age, or trusted list criterion" | |
"5beb7efe-fd9a-4556-801d-275e5ffc04cc" = "Block execution of potentially obfuscated scripts" |
<# | |
This file is used to deploy a Hyper-V based lab environment using AutomatedLab
(https://github.com/AutomatedLab/AutomatedLab)
Operating systems needed: Windows Server 2022 Datacenter Edition.
Download from wherever you get your server ISOs.
For the software installation section, you will need to download 7-zip and PowerShell
from official sources and place them in the $labSources\SoftwarePackages folder.
I hereby claim:
To claim this, I am signing this object:
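flowchart TD
    %% Card Types
    ABI((Issue Card))
    ABT{{Task Cards}}
    ABP{{Problem Card}}

    %% Epic-to-sprint relationship
    subgraph B1[Epic and Sprint]
        ABE{{Epic}}
        ABS{{Sprint}}
        ABE --> ABS
    end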
<%* | |
// From: https://forum.obsidian.md/t/quickadd-plugin/20032/70 | |
const responses = []; | |
let chc = ["Choice 1", "Choice 2", "Choice 3"] | |
if (!chc.includes("Done")) { | |
chc.push("Done"); | |
} | |
// Multiple selection suggester pattern | |
let r; |