Alex Asplund AlexAsplund

## Get-WindowsUpdateInfo.ps1
param(

    [Parameter(Mandatory=$True,Position=0)]
    [Array]$ComputerName,
    [Parameter(Mandatory=$True,Position=1)]
    [String]$OutFile,
    [Parameter(Position=2)]
    [PSCredential]$Credential

)

## Send-AzureIdentityRiskLogsToGelf.ps1
<#
.SYNOPSIS
    Pulls Azure Identity Risk logs and sends them to a gelf-server through TCP.
.DESCRIPTION
    Pulls Azure Identity Risk logs and sends them to a gelf-server.
    Requires the PSGelf module (Install-Module -Name PSGELF).
    AppCredentials should be supplied as Credential object with AppID as username and AppKey as password.
.EXAMPLE
    PS C:\> .\Script.ps1 -AppCredential $Credential -TenantName mytenant.onmicrosoft.com -GelfServer gelf.domain.com -GelfPort <portnumber>
    Explanation of what the example does

## Copy-CustomADUser.ps1
<#
.Synopsis
   Kopierar en användare
.DESCRIPTION
   Kopierar en användare med hjälp av en hashtable för mappning av attributer.
   Hashtable ska vara enligt format @{>SourceUserAttribute> = <New-ADUser parametername>}

   Exempel:
   $Hashtable = @{
        mail = 'EmailAddress'

## Send-AdhcResultToPrtg.ps1
$PRTGUrl = "http://prtg.contoso.com:5050/"

#################################
# Functions
#################################
function New-PRTGResult {
    param(
        [string]$Channel,
        [string]$Value,
        [string]$Float,

## New-AdhcResult
Function New-AdhcResult {
    [cmdletbinding()]
    param(
        # Source of the result. The computer that was tested
        [parameter(ValueFromPipelineByPropertyName)]
        [string]$Source = $env:COMPUTERNAME,

        # Name of the test
        [parameter(Mandatory,ValueFromPipelineByPropertyName)]
        [string]$TestName,

## Get-AzureADAlertsToGraylog.ps1
param(
    # User = ClientId Pass = Secret
    [parameter(Mandatory)]
    [PSCredential]$Credential,

    [parameter(Mandatory)]
    $TenantName

    [parameter(Mandatory)]
    $GelfServer

## Add-OpsGenieUser.ps1
Function Add-OpsGenieUser {
    [cmdletbinding()]
    param(
        [parameter(mandatory)]
        [string]$UserName,

        [parameter(mandatory)]
        [string]$FullName,

        [parameter(mandatory)]

## ad-events.csv

          
            event_id
            potential_criticality
            event_summary

            
              4618
              High
              A monitored security event pattern has occurred.

            
              4649
              High
              A replay attack was detected. May be a harmless false positive due to misconfiguration error.

            
              4719
              High
              System audit policy was changed.

            
              4765
              High
              SID History was added to an account.

            
              4766
              High
              An attempt to add SID History to an account failed.

            
              4794
              High
              An attempt was made to set the Directory Services Restore Mode.

            
              4897
              High
              Role separation enabled:

            
              4964
              High
              Special groups have been assigned to a new logon.

            
              5124
              High
              A security setting was updated on the OCSP Responder Service

## Import-CalendarFromPublicFolder.ps1
<#
.Synopsis
   Script that imports a public folder calendar to a mailbox.
.DESCRIPTION
   Script that imports a public folder calendar to a mailbox.
   Need EWS api installed and Offce365 admin rights
.EXAMPLE
    This will give the $ExchangeCredential.Username account FullAccess permissions to meetingresource1@contoso.com
    After that it wil take the calendar from -PublicFolderPath and copy the items in it to meetingresource1@contoso.com calendar.
    The last two actions renames the public folder calendar to 'Not used - *DATE* - <DisplayName>'

## WindowsShellOLEProperties.txt
System.Audio.ChannelCount
System.Audio.EncodingBitrate
System.Audio.PeakValue
System.Audio.SampleRate
System.Audio.SampleSize
System.Calendar.Duration
System.Calendar.IsOnline
System.Calendar.IsRecurring
System.Calendar.Location
System.Calendar.OptionalAttendeeAddresses
	param(

	[Parameter(Mandatory=$True,Position=0)]
	[Array]$ComputerName,
	[Parameter(Mandatory=$True,Position=1)]
	[String]$OutFile,
	[Parameter(Position=2)]
	[PSCredential]$Credential

	)
	<#
	.SYNOPSIS
	Pulls Azure Identity Risk logs and sends them to a gelf-server through TCP.
	.DESCRIPTION
	Pulls Azure Identity Risk logs and sends them to a gelf-server.
	Requires the PSGelf module (Install-Module -Name PSGELF).
	AppCredentials should be supplied as Credential object with AppID as username and AppKey as password.
	.EXAMPLE
	PS C:\> .\Script.ps1 -AppCredential $Credential -TenantName mytenant.onmicrosoft.com -GelfServer gelf.domain.com -GelfPort <portnumber>
	Explanation of what the example does
	<#
	.Synopsis
	Kopierar en användare
	.DESCRIPTION
	Kopierar en användare med hjälp av en hashtable för mappning av attributer.
	Hashtable ska vara enligt format @{>SourceUserAttribute> = <New-ADUser parametername>}

	Exempel:
	$Hashtable = @{
	mail = 'EmailAddress'
	$PRTGUrl = "http://prtg.contoso.com:5050/"

	#################################
	# Functions
	#################################
	function New-PRTGResult {
	param(
	[string]$Channel,
	[string]$Value,
	[string]$Float,
	Function New-AdhcResult {
	[cmdletbinding()]
	param(
	# Source of the result. The computer that was tested
	[parameter(ValueFromPipelineByPropertyName)]
	[string]$Source = $env:COMPUTERNAME,

	# Name of the test
	[parameter(Mandatory,ValueFromPipelineByPropertyName)]
	[string]$TestName,
	param(
	# User = ClientId Pass = Secret
	[parameter(Mandatory)]
	[PSCredential]$Credential,

	[parameter(Mandatory)]
	$TenantName

	[parameter(Mandatory)]
	$GelfServer
	Function Add-OpsGenieUser {
	[cmdletbinding()]
	param(
	[parameter(mandatory)]
	[string]$UserName,

	[parameter(mandatory)]
	[string]$FullName,

	[parameter(mandatory)]
event_id	potential_criticality	event_summary
4618	High	A monitored security event pattern has occurred.
4649	High	A replay attack was detected. May be a harmless false positive due to misconfiguration error.
4719	High	System audit policy was changed.
4765	High	SID History was added to an account.
4766	High	An attempt to add SID History to an account failed.
4794	High	An attempt was made to set the Directory Services Restore Mode.
4897	High	Role separation enabled:
4964	High	Special groups have been assigned to a new logon.
5124	High	A security setting was updated on the OCSP Responder Service
	<#
	.Synopsis
	Script that imports a public folder calendar to a mailbox.
	.DESCRIPTION
	Script that imports a public folder calendar to a mailbox.
	Need EWS api installed and Offce365 admin rights
	.EXAMPLE
	This will give the $ExchangeCredential.Username account FullAccess permissions to meetingresource1@contoso.com
	After that it wil take the calendar from -PublicFolderPath and copy the items in it to meetingresource1@contoso.com calendar.
	The last two actions renames the public folder calendar to 'Not used - DATE - <DisplayName>'
	System.Audio.ChannelCount
	System.Audio.EncodingBitrate
	System.Audio.PeakValue
	System.Audio.SampleRate
	System.Audio.SampleSize
	System.Calendar.Duration
	System.Calendar.IsOnline
	System.Calendar.IsRecurring
	System.Calendar.Location
	System.Calendar.OptionalAttendeeAddresses