Skip to content

Instantly share code, notes, and snippets.

PixelRobots

Block or report user

Report or block PixelRobots

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View CloudShell Wwindows Terminal
{
"acrylicOpacity" : 0.6,
"closeOnExit" : false,
"colorScheme" : "Vintage",
"commandline" : "Azure",
"connectionType" : "{d9fcfdfa-a479-412c-83b7-c5640e61cd62}",
"cursorColor" : "#FFFFFF",
"cursorShape" : "bar",
"fontFace" : "Consolas",
"fontSize" : 10,
View audit if a process is or has been running on a VM.kql
Perf
| where ObjectName == "Process" and CounterName == "% Processor Time"
| where InstanceName contains "dropbox"
| summarize Running_Instances = dcount(InstanceName) by Computer
let StartDate = datetime("2019-06-30 22:46:42");
let EndDate = datetime("2019-07-01 00:57:27");
Perf
| where TimeGenerated between(StartDate .. EndDate)
| where ObjectName == "Process" and CounterName == "% Processor Time"
View AD_Audit_log_analytics
SecurityEvent
| where EventID in (4625, 4624) and AccountType == 'User'
| summarize Attempts = count(), Failed = countif(EventID == 4625), Succeeded = countif(EventID == 4654) by Account
SecurityEvent
| where EventID == 4625
| extend Reason = case(
SubStatus == '0xc0000064', 'User name does not exist',
SubStatus == '0xc000005e', 'No logon servers available to service the logon request',
SubStatus == '0xc0000062', 'Account name is not properly formatted',
View ava_mem_log_analytics
// Chart memory if its under nnMB over the past nn days/hours
let setMBValue = 1024;
// enter a MB value to check
let startDate = ago(5h);
// enter how many days/hours to look back on
Perf
| where TimeGenerated > startDate
| where ObjectName == "Memory" and CounterName == "Available Mbytes" and Computer in ((Heartbeat
| where OSType == "Windows"
| distinct Computer))
View encryptvmss.ps1
$KVRGname = 'PixelRobots-KV-UKS';
$VMSSRGname = 'PixelRobots-VMSS-UKS';
$VmssName = 'pixelrobotsvmss';
$KeyVaultName = 'PixelRobots-VMSS-KV-UKS';
## Do not edit below this line.
$KeyVault = Get-AzKeyVault -VaultName $KeyVaultName -ResourceGroupName $KVRGname;
$DiskEncryptionKeyVaultUrl = $KeyVault.VaultUri;
$KeyVaultResourceId = $KeyVault.ResourceId;
Set-AzVmssDiskEncryptionExtension -ResourceGroupName $VMSSRGname -VMScaleSetName $VmssName -DiskEncryptionKeyVaultUrl $diskEncryptionKeyVaultUrl -DiskEncryptionKeyVaultId $KeyVaultResourceId;
View AzureSubscriptionRBACAudit.ps1
#requires -Version 3.0 -Modules Az.Resources
param(
[switch]
$email
)
$ErrorActionPreference = 'Stop'
## Email Style
View azure disk alert
// enter a GB value to check
let setgbvalue = 100;
// Query
Perf
| where TimeGenerated > ago(1h)
| where ObjectName == "LogicalDisk" and CounterName == "Free Megabytes"
| where InstanceName !contains "D:"
| where InstanceName !contains "_Total"
| extend FreeSpaceGB = CounterValue/1024
| summarize FreeSpace = min(FreeSpaceGB) by Computer, InstanceName
View AzureSubscriptionSelector.ps1
function Login {
$needLogin = $true
Try {
$content = Get-AzContext
if ($content) {
$needLogin = ([string]::IsNullOrEmpty($content.Account))
}
}
Catch {
if ($_ -like "*Login-AzAccount to login*") {
View domjoin.tf
resource "azurerm_virtual_machine_extension" "domjoin" {
name = "domjoin"
location = "${var.location}"
resource_group_name = "${var.image_resource_group}"
virtual_machine_name = "${var.prefix}"
publisher = "Microsoft.Compute"
type = "JsonADDomainExtension"
type_handler_version = "1.3"
# What the settings mean: https://docs.microsoft.com/en-us/windows/desktop/api/lmjoin/nf-lmjoin-netjoindomain
settings = <<SETTINGS
View Azure Security Center Preview Cmdlets.ps1
Install-Module PowerShellGet –Repository PSGallery –Force
Install-Module -name AzureRM.Profile -requiredversion 5.5.0
Install-Module -Name AzureRM.Security -AllowPrerelease
Import-Module AzureRM.Profile -RequiredVersion 5.5.0
Import-Module AzureRM.Security
You can’t perform that action at this time.