Koos Goossens TheCloudScout
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # escape=` | |
| FROM mcr.microsoft.com/powershell:6.2.0-ubuntu-18.04 | |
| # Set default directory to C:\Agent | |
| WORKDIR /agent | |
| # Set PowerShell as default shell | |
| SHELL [ "pwsh", "-NoProfile", "-Command" ] |
TheCloudScout
/ Store Azure Container Registry credentials in Key Vault
Created
November 4, 2019 21:33
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Retrieve all Azure Container Registry credentials | |
| $RegistryCredentials = Get-AzContainerRegistry | Get-AzContainerRegistryCredential | |
| # Convert first password to secure string and store it inside Key Vault as a secret | |
| $RegistryPw1 = ConvertTo-SecureString -string $RegistryCredentials.Password -AsPlainText -Force | |
| Set-AzKeyVaultSecret -VaultName $(KeyVaultName) -Name "RegistryPassword1" -SecretValue $RegistryPw1 | |
| # Convert second password to secure string and store it inside Key Vault as a secret | |
| $RegistryPw2 = ConvertTo-SecureString -string $RegistryCredentials.Password2 -AsPlainText -Force | |
| Set-AzKeyVaultSecret -VaultName $(KeyVaultName) -Name "RegistryPassword2" -SecretValue $RegistryPw2 |
TheCloudScout
/ logstash-postgresToSentinel.dockerfile
Created
April 19, 2020 16:51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # escape=` | |
| # LogStash base image from Elastic version 7.6.2 | |
| FROM docker.elastic.co/logstash/logstash:7.6.2 | |
| # Delete logstash.conf in custom image, so that we won't retain the example config from the base image. | |
| RUN rm -f /usr/share/logstash/pipeline/logstash.conf | |
| # Copy JDBC drivers for PostgreSQL connection | |
| ADD postgresql-42.2.12.jar /usr/share/logstash/modules/postgres/postgresql-42.2.12.jar |
TheCloudScout
/ postgres-to-sentinel.conf
Last active
April 19, 2020 19:35
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # file: postgres-to-sentinel.conf | |
| input { | |
| jdbc { | |
| # Postgres jdbc connection string to our database, mydb | |
| jdbc_connection_string => "jdbc:postgresql://localhost:5432/security" | |
| # The user we wish to execute our statement as | |
| jdbc_user => "lutsdbuser" | |
| # The user we wish to execute our statement as | |
| jdbc_password => "<YOUR PASSWORD>" | |
| # The path to our downloaded jdbc driver |
TheCloudScout
/ Set-AzureDevOpsKeyRotation.ps1
Created
January 22, 2021 16:20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .DESCRIPTION | |
| Azure DevOps Pipeline details: | |
| - AzureCLI@2 | |
| - scriptType: 'pscore' | |
| - addSpnToEnvironment: true | |
| Permission requirements: | |
| - Azure DevOps: <Project> Build Service needs to be member of the Endpoint Administrators group | |
| - Azure AD: Application needs to be owner of it's own application | |
| - Azure AD: Application requires the application permission Application.ReadWrite.OwnedBy |
TheCloudScout
/ show-service-connection-key.yml
Last active
January 24, 2021 13:15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| trigger: none | |
| pool: | |
| vmImage: 'ubuntu-latest' | |
| steps: | |
| - task: AzureCLI@2 | |
| displayName: Retrieve Service Connection credentials | |
| inputs: | |
| azureSubscription: '<Service Connection name>' |
TheCloudScout
/ correlate-travel-alerts-with-vpn-logs
Created
March 11, 2021 12:57
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| let Unfamiliarsigninproperties = ExportSecurityAlerts_CL | |
| | where AlertName_s == "Unfamiliar sign-in properties" | |
| | extend IPAddress = tostring(parse_json(ExtendedProperties_s).["Client IP Address"]) | |
| | extend Location = tostring(parse_json(ExtendedProperties_s).["Client Location"]) | |
| | extend UID = split(tostring(parse_json(ExtendedProperties_s).["User Account"]),"@")[0] | |
| | extend AlertDate = split(TimeGenerated_Local_Time__s, ",")[0] | |
| | extend AlertTime = split(TimeGenerated_Local_Time__s, ",")[1] | |
| | extend AlertDateTime = todatetime(strcat(AlertDate, AlertTime)) | |
| | project AlertDateTime, AlertName = AlertName_s, IPAddress, Location, UID; | |
| let AtypicalTravel = ExportSecurityAlerts_CL |
TheCloudScout
/ correlate-with-outer-join-and-calculate-timestamp-difference
Created
March 11, 2021 13:04
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| let AlertLogs = _GetWatchlist("AlertLogs") | |
| | extend AlertDateTime = todatetime(strcat(AlertDate, AlertTime)) | |
| | project AlertDateTime, AlertName, UID; | |
| let JunosLogs = _GetWatchlist("JunosLogs") | |
| | extend JunosDateTime = todatetime(strcat(Date, Time)) | |
| | project JunosDateTime, Action, UID=UID_; | |
| // JunosLogs | |
| AlertLogs | |
| | join kind=leftouter JunosLogs on UID | |
| | sort by AlertDateTime |
TheCloudScout
/ dockerfile
Created
November 4, 2019 19:34
adsha-windowsservercore-ltsc2019-dotnet-4.8
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # escape=` | |
| FROM mcr.microsoft.com/windows/servercore:ltsc2019 | |
| # Install .NET 4.8 | |
| RUN curl -fSLo dotnet-framework-installer.exe https://download.visualstudio.microsoft.com/download/pr/7afca223-55d2-470a-8edc-6a1739ae3252/abd170b4b0ec15ad0222a809b761a036/ndp48-x86-x64-allos-enu.exe ` | |
| && .\dotnet-framework-installer.exe /q ` | |
| && del .\dotnet-framework-installer.exe ` | |
| && powershell Remove-Item -Force -Recurse ${Env:TEMP}\* |
TheCloudScout
/ Set-addApplicationOwner.ps1
Last active
July 22, 2021 15:09
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .DESCRIPTION | |
| This script will add the Service Principal of the Application as Owner of the Application. | |
| It performs the following steps: | |
| - Login to the graph.microsoft.com | |
| - Validate the Application Id | |
| - Retrieve the current owner(s) | |
| - Add if applicable the application delegation for graph.microsoft.com/Application.ReadWrite.OwnedBy | |
| - Perform if applicable the admin consent for the application delegation graph.microsoft.com/Application.ReadWrite.OwnedBy | |
| - Add if applicable the service principal to the application as owner |
OlderNewer