PowerShell Function - Get Microsoft Sentinel Incidents
This code snippet retrieves the Incidents from Microsoft Sentinel for a set period.
It is useful when automating enrichment activities related to a particular alert or incident.
This example uses PowerShell to write a JSON data file into Log Analytics (and Microsoft Sentinel).
Note that this uses a second function, "Get-Signature", for signing the data being written to the workspace. That function can be viewed here:
PowerShell Function - Create Signature for writing Log Analytics data | Laurie Rhodes' Info
This code snippet demonstrates how to run a Kusto query against Azure Data Explorer (ADX) using PowerShell.
The code snippet below shows how to run Resource Graph queries with PowerShell. The example uses a custom PowerShell class that may be used for streaming objects back to a Log Analytics workspace.
Azure’s ARM templates have been a rite of passage for all Azure engineers. No one who has been working with the cloud at any depth will be without late-night stories of frustration. The Azure Resource Manager is a service that accepts specially constructed JSON templates and uses those templates to provision each object represented within.
Every object in Azure is identified by a unique, hierarchy-based Resource ID.
Every object type has an associated range of different API versions that act as different schemas for that object type.
This example uses PowerShell and REST for connecting to the Azure Management API for managing the cloud platform.
This example uses the Password grant type (Username and Password) for connecting to Azure.
Azure allows Virtual Machine extension objects to be attached to provisioned virtual machines. As they are objects, they may be declared directly with Resource Manager templates.
Using Azure's Point-to-site VPN avoids having to expose SSH or WinRM ports to the internet in order to reach the systems.
Before a Point-to-site VPN can be established, a Virtual Network Gateway must be created. This will be associated with the Virtual Network that will be accessible.
Access to the network will be controlled by certificates.
This PowerShell code snippet creates an Azure AD application registration with an associated SPN and self-signed certificate for Azure authentication.
I've used this for generating certificates that Virtual Machines can use for authenticating to Azure as an alternative to Managed Identities.