Daniel Scott-Raynsford PlagueHO
😼
PlagueHO
/ Set-AzNetworkSecurityGroupAddRule.ps1
Last active
October 7, 2022 07:01
PowerShell function to add or update a rule in all Azure Network Security Groups (NSG) across a set of Azure subscriptions
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .SYNOPSIS | |
| Function to loop over all Azure Network Security Groups in multiple | |
| subscriptions and add an NSG rule to it if it does not already exist. | |
| If the rule already exists, it will remove it and add it. The NSG will | |
| then be replaced. | |
| This function is not idempotent, it will replace the NSG regardless | |
| of whether it needed to be or not. |
PlagueHO
/ Get-AzLogAnalyticsWorkspaceSource.ps1
Created
July 28, 2021 03:40
PowerShell function that looks for Azure resources and services that send data to Log Analytics workspaces. Use this to assess the usage of Azure Log Analytics workspaces across a tenant.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Requires -Modules @{ ModuleName = 'Az.Accounts'; ModuleVersion = '2.5.1' } | |
| #Requires -Modules @{ ModuleName = 'Az.Resources'; ModuleVersion = '4.2.0' } | |
| #Requires -Modules @{ ModuleName = 'Az.Compute'; ModuleVersion = '4.15.0' } | |
| #Requires -Modules @{ ModuleName = 'Az.OperationalInsights'; ModuleVersion = '2.3.0' } | |
| #Requires -Modules @{ ModuleName = 'Az.Aks'; ModuleVersion = '2.2.0' } | |
| <# | |
| .SYNOPSIS | |
| Returns an array Azure Log Analytics workspaces and the resources | |
| that send data to them. |
PlagueHO
/ azuredeploy.json
Created
February 24, 2021 03:24
ARM Template for Deploying Azure Database for PostgreSQL with read-only replica and no public network access.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", | |
| "contentVersion": "1.0.0.0", | |
| "parameters": { | |
| "serverName": { | |
| "type": "string", | |
| "metadata": { | |
| "description": "Server Name for Azure database for PostgreSQL" | |
| } | |
| }, |
PlagueHO
/ CreateAzureDevOpsAgentPoolVMSS.sh
Created
January 26, 2021 01:19
Create an Azure DevOps Agent Pool VMSS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| az vmss create \ | |
| --name dsragentspool \ | |
| --resource-group dsr-azuredevops-rg \ | |
| --image UbuntuLTS \ | |
| --vm-sku Standard_DS2_v2 \ | |
| --storage-sku Standard_LRS \ | |
| --authentication-type SSH \ | |
| --instance-count 2 \ | |
| --disable-overprovision \ | |
| --upgrade-policy-mode manual \ |
PlagueHO
/ azure-pipelines.yml
Created
January 24, 2021 06:39
Azure DevOps Multi-Stage YAML Pipeline triggered off Main Branch with access to Secrets & Service Connections and using Environments
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| trigger: | |
| branches: | |
| include: | |
| - 'main' | |
| pr: none | |
| stages: | |
| - stage: Build | |
| jobs: | |
| - template: templates/build.yml |
PlagueHO
/ azure-pipelines.yml
Created
January 24, 2021 03:52
Example Azure DevOps Multi-Stage YAML Pipeline triggered off malicious branch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| trigger: | |
| branches: | |
| include: | |
| - 'main' | |
| - 'malicious-change' | |
| pr: none | |
| stages: | |
| - stage: Build | |
| jobs: |
PlagueHO
/ azure-pipelines.yml
Last active
January 24, 2021 02:55
Azure DevOps Multi-Stage YAML Pipeline triggered off Main Branch with access to Secrets & Service Connections
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| trigger: | |
| branches: | |
| include: | |
| - 'main' | |
| pr: none | |
| stages: | |
| - stage: Build | |
| jobs: | |
| - template: templates/build.yml |
PlagueHO
/ Invoke-AzContainerGroupCommand.ps1
Created
October 26, 2020 02:57
Execute a command on an Azure Container Instance and return a terminal
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $SubscriptionId = '<subscription id>' | |
| $ResourceGroupName = 'my-container-rg' | |
| $AciName = 'my-container-aci' | |
| $resourceId = "/subscriptions/$($SubscriptionId)/resourceGroups/$($ResourceGroupName)/providers/Microsoft.ContainerInstance/containerGroups/$($AciName)/containers/$($AciName)" | |
| $command = "/zap/zap-baseline.py -t 'https://myapplication.net' -x OWASP-ZAP-Report.xml" | |
| Invoke-AzResourceAction ` | |
| -ResourceId $resourceId ` | |
| -Action 'exec' ` | |
| -ApiVersion '2019-12-01' ` |
PlagueHO
/ Invoke-AzureArcLinuxCustomScriptExtensionsArmDeployment.ps1
Created
August 23, 2020 04:21
PowerShell Command to deploy Azure Arc Custom Script Extensions using ARM Template
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| New-AzResourceGroupDeployment ` | |
| -ResourceGroupName '<NAME OF RESOURCE GROUP CONTAINING ARC MACHINES>' ` | |
| -TemplateFile ~/AzureArcLinuxCustomScriptExtensions.json ` | |
| -TemplateParameterObject @{ | |
| MachineName = '<NAME OF AZURE ARC MACHINE>' | |
| Location = '<LOCATION OF AZURE ARM MACHINE>' | |
| WorkspaceId = '<WORKSPACE ID OF LOG ANALYTICS WORKSPACE>' | |
| WorkspaceKey = '<WORKSPACE KEY OF LOG ANALYTICS WORKSPACE>' | |
| } |
PlagueHO
/ Download-AzureArcLinuxCustomScriptExtensionsArm.ps1
Created
August 23, 2020 04:15
PowerShell script to download Azure ARM Template to enable Azure Monitor Log Analytics Container Monitoring on a Linux Docker host in Azure Arc managed machines using the custom script extension
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Invoke-WebRequest -Uri https://gist.githubusercontent.com/PlagueHO/c3f09056cace496dded18da8bc1ed589/raw/AzureArcLinuxCustomScriptExtensions.json -OutFile ~\AzureArcLinuxCustomScriptExtensions.json |
NewerOlder