Alex Asplund AlexAsplund

View Get-EventInformation.ps1
$Publishers = wevtutil ep
# Maaany errors, probably because the event is not properly documented by the provider
$ErrorActionPreference = "SilentlyContinue" # Shh sh sh
$AllEventData = Foreach($Publisher in $Publishers){
[XML]$Events = wevtutil gp $Publisher /ge /gm:true /f:xml
$Events.provider.events.event | Foreach {
[PSCustomObject]@{
event_id = $_.value
View ad-events.csv
event_id potential_criticality event_summary
4618 High A monitored security event pattern has occurred.
4649 High A replay attack was detected. May be a harmless false positive due to misconfiguration error.
4719 High System audit policy was changed.
4765 High SID History was added to an account.
4766 High An attempt to add SID History to an account failed.
4794 High An attempt was made to set the Directory Services Restore Mode.
4897 High Role separation enabled:
4964 High Special groups have been assigned to a new logon.
5124 High A security setting was updated on the OCSP Responder Service
View Add-OpsGenieUser.ps1
Function Add-OpsGenieUser {
[cmdletbinding()]
param(
[parameter(mandatory)]
[string]$UserName,
[parameter(mandatory)]
[string]$FullName,
[parameter(mandatory)]
View Get-AzureADAlertsToGraylog.ps1
param(
# User = ClientId Pass = Secret
[parameter(Mandatory)]
[PSCredential]$Credential,
[parameter(Mandatory)]
$TenantName,
[parameter(Mandatory)]
$GelfServer
View Send-AdhcResultToPrtg.ps1
$PRTGUrl = "http://prtg.contoso.com:5050/"
#################################
# Functions
#################################
function New-PRTGResult {
param(
[string]$Channel,
[string]$Value,
[string]$Float,
View ADHealthCheck-NoReport.ps1
<#
Author: Alex Asplund
Description:
Will perform a series of health checks on AD.
Designed to be run on a Domain Controller as a Domain Admin
Uses WSMAN, LDAP, RPC etc to speak to other DomainControllers.
#>
View New-AdhcResult
Function New-AdhcResult {
[cmdletbinding()]
param(
# Source of the result. The computer that was tested
[parameter(ValueFromPipelineByPropertyName)]
[string]$Source = $env:COMPUTERNAME,
# Name of the test
[parameter(Mandatory,ValueFromPipelineByPropertyName)]
[string]$TestName,
View Test-AdhcDcDiag.ps1
Class AdhcResult {
[string]$Source
[string]$TestName
[bool]$Pass
$Was
$ShouldBe
[string]$Category
[string]$Message
$Data
[string[]]$Tags
View Copy-CustomADUser.ps1
<#
.Synopsis
Copies a user
.DESCRIPTION
Copies a user using a hashtable to map attributes.
The hashtable should follow the format @{<SourceUserAttribute> = <New-ADUser parametername>}
Example:
$Hashtable = @{
mail = 'EmailAddress'
View Send-AzureIdentityRiskLogsToGelf.ps1
<#
.SYNOPSIS
Pulls Azure Identity Risk logs and sends them to a gelf-server through TCP.
.DESCRIPTION
Pulls Azure Identity Risk logs and sends them to a gelf-server.
Requires the PSGelf module (Install-Module -Name PSGELF).
AppCredentials should be supplied as Credential object with AppID as username and AppKey as password.
.EXAMPLE
PS C:\> .\Script.ps1 -AppCredential $Credential -TenantName mytenant.onmicrosoft.com -GelfServer gelf.domain.com -GelfPort <portnumber>
Explanation of what the example does