Rogier Dijkman azurekid

## bing-to-teams.ps1
$TeamsPath  = "$($env:appdata)\Microsoft\Teams\Backgrounds\Uploads"
$web        = New-Object Net.WebClient
$webclient  = New-Object System.Net.WebClient

$baseUrl = "https://www.bing.com"
$jsonUrl = "https://www.bing.com/HPImageArchive.aspx?format=js&mbl=1&idx=0&n=1&cc=auto"

if (-not(Test-Path $TeamsPath)) {
    New-Item -ItemType Directory -Path $TeamsPath
}

## QualysAgent.json
{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "virtualMachines": {
            "type": "Array"
        }
    },
    "resources": [
        {

## Set-AzureAdRoleAssignment.ps1
[CmdletBinding()]
param (
    [Parameter(Mandatory = $True)]
    [guid]$UserObjectId,

    [Parameter(Mandatory = $True)]
    [guid]$roleDefinitionId
)

function Get-GraphToken {

## show-credentials.yml
pr: none
trigger: none

variables:
  serviceConnection: '<NameOfYourServiceConnection>'

pool:
  vmImage: 'ubuntu-latest'

stages:

## Get-AccessToken.ps1
function Get-AccessToken {
    <#
    .Synopsis
      Creates an Access token for Microsoft Graph
    .DESCRIPTION
      This function can be used to create an Access Token to query the Microsoft Graph API.
    .PARAMETER ApplicationId [string]
      Enter the Application ID
    .PARAMETER ApplicationSecret [string]
      Enter the Application Secret

## TokenHeader.ps1
$authenticationHeader = @{
"Sec-Fetch-Dest" = "empty";
"Sec-Fetch-Mode" = "cors";
        "accept-encoding"        = "gzip, deflate, br";
        "accept-language"        = "en";
        "x-ms-effective-locale"  = "en.en-us"
        "Authorization"          = "Bearer <#TokenValuePlainText#>";
        "Content-Type"           = "application/json";
        "x-ms-client-request-id" = (New-Guid).Guid;
        "x-ms-session-id"        = "12345678910111213141516";

## sas-scraper.ps1
[CmdletBinding()]
param (
    [Parameter(Mandatory = $false)]
    [string]$SasUri,

    [Parameter(Mandatory = $false)]
    [string]$SasToken
)

Clear-Host

## Set-AzTagValue.ps1
$ResourceGroups = Get-AzResourceGroup

[System.Environment]::SetEnvironmentVariable('SuppressAzureRmModulesRetiringWarning', 'true', [System.EnvironmentVariableTarget]::User)

foreach ($rg in $ResourceGroups) {
    # Tag ResourceGroups
    $logEntry = (Get-AzLog -ResourceGroupName $rg.ResourceGroupName -StartTime (Get-Date).AddDays(-90))[-1]
    $createdBy = $logEntry.Caller
    $createDate = $logEntry.EventTimestamp

## ratscan.ps1
[CmdletBinding()]
param (
    [Parameter()]
    [switch]$IDPS,

    [Parameter()]
    [switch]$ThreatIntel,

    [Parameter()]
    [switch]$WebCategories,

## kql-coding-standards.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                azurekid
                / kql-coding-standards.md
            
            
              Last active
              November 22, 2022 13:29
            
              
                KQL Coding Standards
              
          
    KQL Coding standards


This document helps to create clean and readable KQL code for parsing and detection rules.

All views are my own based on writing lots of code in PowerShell and other languages. 

This is a living document that helps to create a common baseline.

Allign your code


Place a spaces before and after the '=' character for readability.

allign the code using  instead of spaces. Keep the '=' character and default values alligned.
	$TeamsPath = "$($env:appdata)\Microsoft\Teams\Backgrounds\Uploads"
	$web = New-Object Net.WebClient
	$webclient = New-Object System.Net.WebClient

	$baseUrl = "https://www.bing.com"
	$jsonUrl = "https://www.bing.com/HPImageArchive.aspx?format=js&mbl=1&idx=0&n=1&cc=auto"

	if (-not(Test-Path $TeamsPath)) {
	New-Item -ItemType Directory -Path $TeamsPath
	}
	{
	"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
	"contentVersion": "1.0.0.0",
	"parameters": {
	"virtualMachines": {
	"type": "Array"
	}
	},
	"resources": [
	{
	[CmdletBinding()]
	param (
	[Parameter(Mandatory = $True)]
	[guid]$UserObjectId,

	[Parameter(Mandatory = $True)]
	[guid]$roleDefinitionId
	)

	function Get-GraphToken {
	pr: none
	trigger: none

	variables:
	serviceConnection: '<NameOfYourServiceConnection>'

	pool:
	vmImage: 'ubuntu-latest'

	stages:
	function Get-AccessToken {
	<#
	.Synopsis
	Creates an Access token for Microsoft Graph
	.DESCRIPTION
	This function can be used to create an Access Token to query the Microsoft Graph API.
	.PARAMETER ApplicationId [string]
	Enter the Application ID
	.PARAMETER ApplicationSecret [string]
	Enter the Application Secret
	$authenticationHeader = @{
	"Sec-Fetch-Dest" = "empty";
	"Sec-Fetch-Mode" = "cors";
	"accept-encoding" = "gzip, deflate, br";
	"accept-language" = "en";
	"x-ms-effective-locale" = "en.en-us"
	"Authorization" = "Bearer <#TokenValuePlainText#>";
	"Content-Type" = "application/json";
	"x-ms-client-request-id" = (New-Guid).Guid;
	"x-ms-session-id" = "12345678910111213141516";
	[CmdletBinding()]
	param (
	[Parameter(Mandatory = $false)]
	[string]$SasUri,

	[Parameter(Mandatory = $false)]
	[string]$SasToken
	)

	Clear-Host
	$ResourceGroups = Get-AzResourceGroup

	[System.Environment]::SetEnvironmentVariable('SuppressAzureRmModulesRetiringWarning', 'true', [System.EnvironmentVariableTarget]::User)

	foreach ($rg in $ResourceGroups) {
	# Tag ResourceGroups
	$logEntry = (Get-AzLog -ResourceGroupName $rg.ResourceGroupName -StartTime (Get-Date).AddDays(-90))[-1]
	$createdBy = $logEntry.Caller
	$createDate = $logEntry.EventTimestamp
	[CmdletBinding()]
	param (
	[Parameter()]
	[switch]$IDPS,

	[Parameter()]
	[switch]$ThreatIntel,

	[Parameter()]
	[switch]$WebCategories,