Koos Goossens TheCloudScout

TheCloudScout / logstash-pipeline.cfg
Last active December 11, 2023 11:48
Logstash configuration with multiple destinations
input {
tcp {
port => 514
type => syslog
host => "141.93.182.143"
tags => ["gso_sentinel"]
}
}
input {
udp {
TheCloudScout / Gat-AdxCommands.ps1
Created August 11, 2023 12:13
Automatically generate ADX commands for table and table mapping creation based on JSON-formatted log sample
<#
.DESCRIPTION
This script will generate ADX commands based on sample files to determine their schema.
These sample files should be in a proper JSON format and contain a single object.
.PARAMETER TemplateFolder <String>
Location which contains the sample files
#>
| Parameter | isRequired? | Description |
| --- | --- | --- |
| secretAddDays | false | The number of days the new application secret will be valid. Default is 31 days. |
| tenantId | true | The Tenant ID of the Azure Active Directory in which the application resides. |
| applicationId | true | The app ID of the application on which the secret needs to be rotated. |
| logstashConfigLocation | false | Path to the Logstash pipeline configuration file, i.e. '/etc/logstash/conf.d/syslog-to-dcr-based-sentinel.conf'. |
| logstashKeystoreKey | false | Name of the key in the keystore containing the app secret referenced inside the Logstash configuration file. |
| printOutput | false | Add -printOutput for easier troubleshooting of external Logstash-specific commands, like updating the keystore key and restarting the service. |
TheCloudScout / sentinel-pricing-auto-scale-workflow
Created November 17, 2022 22:15
sentinel-pricing-auto-scale-workflow
name: SentinelPricingTierAutoScale
on:
  schedule:
    - cron: '0 8 1 * *' # At 08:00 on every 1st day of the month
permissions:
  id-token: write
  contents: write
  pull-requests: write
TheCloudScout / pr-template
Created November 17, 2022 22:13
pr-template
# Automated Code Pull Request
Before submitting this Pull Request, please make sure and check the list below.
## General
* [x] Change purpose checkbox(es) are updated
* [x] Change has been described
## Purpose for change
{
"properties": {
"roleName": "Tag Reader",
"description": "Lets you read tags on entities, without providing access to the entities themselves.",
"permissions": [
{
"actions": [
"Microsoft.Resources/tags/read",
"Microsoft.Resources/subscriptions/tagNames/read"
],
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"queryPackName": {
"value": "InvestigationsPack"
},
"queryPackQueries": {
"value": [
{
"resources": [
{
"type": "microsoft.operationalInsights/querypacks",
"apiVersion": "2019-09-01-preview",
"name": "[parameters('queryPackName')]",
"location": "[resourceGroup().location]",
"properties": {}
},
{
"type": "microsoft.operationalInsights/querypacks/queries",
RemoteIP
"resources": [
{
"type": "microsoft.operationalinsights/workspaces",
"apiVersion": "2021-06-01",
"name": "[parameters('logAnalyticsName')]",
"location": "[parameters('location')]",
"properties": {
"sku": "[variables('sku')]",
"retentionInDays": "[parameters('retentionInDays')]",
"workspaceCapping": {