Pouyan Khabazi pkhabazi

"groupingConfiguration": {
  "GroupingConfigurationEnabled": true,
  "reopenClosedIncident": true,
  "lookbackDuration": "PT6H",
  "entitiesMatchingMethod": "string",
  "groupByEntities": [
    "Account",
    "Ip",
    "Host",
    "Url"

{
  "type": "Microsoft.Web/connections",
  "apiVersion": "2016-06-01",
  "name": "azureSentinel",
  "location": "[resourceGroup().location]",
  "properties": {
    "displayName": "azureSentinel",
    "customParameterValues": {},
    "api": {
      "id": "[concat('/subscriptions/',subscription().subscriptionId, '/providers/Microsoft.Web/locations/westeurope/managedApis/', 'azureSentinel')]"
pkhabazi / docker-compose-macvlan.yml
Created January 22, 2020 08:45
Docker compose with macvlan example
version: "3.6"
networks:
  macvlan_network:
    driver: macvlan
    driver_opts:
      parent: eth01
    ipam:
      config:
        - subnet: 192.168.1.0/24

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
  },
  "variables": {
    "logAnalyticsWorkspace": "[concat('sent-',uniqueString(resourceGroup().id))]"
  },
  "resources": [

$body = @{
    client_id     = $ClientId
    scope         = "https://graph.microsoft.com/.default"
    client_secret = $ClientSecret
    grant_type    = "client_credentials"
}
$uri = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
pkhabazi / AlertRule.json
Last active February 24, 2020 19:41
AZSentinel PowerShell Module example and blog
{
  "analytics": [
    {
      "displayName": "string",
      "description": "string",
      "severity": "High",
      "enabled": true,
      "query": "SecurityEvent | where EventID == \"4688\" | where CommandLine contains \"-noni -ep bypass $\"",
      "queryFrequency": "5H",
      "queryPeriod": "5H",
pkhabazi / launch.json
Last active July 23, 2019 08:00
Integrate and Run Pester from VS Code Debug
{
  "version": "0.2.0",
  "configurations": [
    {
      "name": "Test-ModuleManifest",
      "type": "PowerShell",
      "request": "launch",
      "script": "Invoke-Pester",
      "args": ["${workspaceFolder}/tests/Test-ModuleManifest.Tests.ps1", "-Show All"]
    },

<#
Automatically Cycle Through Tabs in Edge
#>
while (1 -eq 1) {
    $wshell=New-Object -ComObject wscript.shell
    $wshell.AppActivate('microsoft-edge')
    Sleep 3
    $wshell.SendKeys('^+{TAB}')
    $wshell.SendKeys('{F5}')
pkhabazi / Move-AzureVMWithManagedDis.ps1
Created June 12, 2019 20:42
At the moment of writing this blog it’s unfortunately not possible to move an Azure VM with Managed disk to another Resource Group or to another Description. However, Microsoft says on the Azure Portal that this will be possible in the near future. For the time being, I have chosen to write a small PowerShell script that will do the move fully …
<#
.Synopsis
Move Azure VM with Managed Disk to another Resource Group
.DESCRIPTION
Long description
.EXAMPLE
Example of how to use this cmdlet
.INPUTS
Inputs to this cmdlet (if any)
.OUTPUTS
pkhabazi / Generate-AzureReport.ps1
Last active June 13, 2019 07:59
This is an example of how to get all Azure resources for each subscription and save them in Word as a table, separated by chapter
<#
to save to Word
https://github.com/microsoftgraph/security-api-solutions/tree/master/Samples/PowerShell
to get security alerts:
https://github.com/microsoftgraph/security-api-solutions/tree/master/Samples/PowerShell
#>
try {