This file contains useful snippets for developing ASIM parsers for Microsoft Sentinel.
| extend DstHostname = case(DstHostname != "", DstHostname, DestinationIP)
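#!/usr/bin/env bash
# Build alterx from source, install it into /usr/local/bin and verify the install.
# oam-tools is cloned alongside it; nothing below builds or installs oam-tools.
set -euo pipefail

# Both clones track the repository's default branch at whatever commit it is at
# clone time, so the binary built below is not reproducible or reviewable as-is.
# Pin a tag or commit for a known build, e.g. `--branch <TAG-OR-COMMIT-PLACEHOLDER>`.
git clone https://github.com/projectdiscovery/alterx.git
# NOTE(review): a three-segment path (owner/repo/subdir) is unusual for a clone
# URL — confirm this is the intended repository before relying on the checkout.
git clone https://github.com/projectdiscovery/owasp-amass/oam-tools

# Fail here instead of silently building (and then moving a stray `alterx`)
# from whatever directory we happen to be in.
cd alterx/cmd/alterx || { printf 'cannot cd to alterx/cmd/alterx\n' >&2; exit 1; }
go build

# /usr/local/bin is normally root-owned; check up front so a permission error
# surfaces clearly rather than being masked by the later version check.
[[ -w /usr/local/bin ]] || { printf '/usr/local/bin is not writable (run as root?)\n' >&2; exit 1; }
mv -- alterx /usr/local/bin/

# Check the binary just installed, not whichever `alterx` happens to be first in PATH.
/usr/local/bin/alterx -version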
<# | |
.SYNOPSIS | |
Generates a GUID from a given string value using MD5 hashing. | |
.PARAMETER Value | |
The string value to generate a GUID from. | |
.EXAMPLE | |
Get-Guid -Value "example string" | |
Returns a GUID generated from the string "example string". |
jobs: | |
# Job that derives a Basic-auth credential from the pipeline's System.AccessToken.
- job: get_token | |
displayName: Collecting AccessToken | |
steps: | |
- powershell: | | |
# Base64("azdo:<System.AccessToken>"). $accessToken is assigned here but is not
# referenced by the remaining lines of this step.
$accessToken = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes("azdo:$(System.AccessToken)")) | |
# Authorization header built from the same base64 credential as above.
$headers = @{Authorization = 'Basic ' + [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes("azdo:$(System.AccessToken)")) } | |
# NOTE(review): this writes the header value(s) to the job log. The base64 form
# of System.AccessToken is still a usable credential, and a transformed secret is
# unlikely to be caught by the pipeline's log masking — confirm that logging it is
# intended. If the value must reach a later step, prefer a secret pipeline variable
# (task.setvariable with issecret=true) over writing it to output.
write-output $($headers.value) |
[CmdletBinding()] | |
param ( | |
[Parameter(Mandatory = $true)] | |
[string]$GitBranch, | |
[Parameter(Mandatory = $false)] | |
[string]$CommitMessage = 'rebuild repository', | |
[Parameter(Mandatory = $false)] | |
[switch]$Force |
function Invoke-SplitJWT { | |
Param | |
( | |
[Parameter(Mandatory = $true, | |
ValueFromPipeline = $true, | |
Position = 0)] | |
$String | |
) | |
Process { |
function Get-GraphToken { | |
[cmdletbinding()] | |
Param( | |
[Parameter(Mandatory = $True)] | |
[String[]] | |
[ValidateSet("MSGraph", "Azure", "Monitor", "MSPIM")] | |
$Client, | |
[Parameter(Mandatory = $False)] | |
[String]$Resource = "https://graph.microsoft.com" |
This document helps to create clean and readable KQL code for parsing and detection rules.
All views are my own, based on writing a lot of code in PowerShell and other languages.
This is a living document that helps to create a common baseline.
[CmdletBinding()] | |
param ( | |
[Parameter()] | |
[switch]$IDPS, | |
[Parameter()] | |
[switch]$ThreatIntel, | |
[Parameter()] | |
[switch]$WebCategories, |
# Enumerate the resource groups visible to the current session; the loop that
# follows (cut off in this view) presumably tags each of them.
$ResourceGroups = Get-AzResourceGroup | |
# Persist, at User scope, the switch that silences the AzureRM-modules retirement
# warning. This is a machine-wide, lasting change for the current user, not a
# per-run setting.
[System.Environment]::SetEnvironmentVariable('SuppressAzureRmModulesRetiringWarning', 'true', [System.EnvironmentVariableTarget]::User) | |
foreach ($rg in $ResourceGroups) { | |
# Tag ResourceGroups | |
$logEntry = (Get-AzLog -ResourceGroupName $rg.ResourceGroupName -StartTime (Get-Date).AddDays(-90))[-1] | |
$createdBy = $logEntry.Caller | |
$createDate = $logEntry.EventTimestamp |