```powershell
Function Add-OpsGenieUser {
    [cmdletbinding()]
    param(
        [parameter(mandatory)]
        [string]$UserName,
        [parameter(mandatory)]
        [string]$FullName,
        [parameter(mandatory)]
```
event_id | potential_criticality | event_summary
---|---|---
4618 | High | A monitored security event pattern has occurred.
4649 | High | A replay attack was detected. May be a harmless false positive due to misconfiguration error.
4719 | High | System audit policy was changed.
4765 | High | SID History was added to an account.
4766 | High | An attempt to add SID History to an account failed.
4794 | High | An attempt was made to set the Directory Services Restore Mode.
4897 | High | Role separation enabled:
4964 | High | Special groups have been assigned to a new logon.
5124 | High | A security setting was updated on the OCSP Responder Service
```powershell
# Enumerate every registered event publisher (provider)
$Publishers = wevtutil ep
# Looots of errors, probably because the event is not properly documented by the provider
$ErrorActionPreference = "SilentlyContinue" # Shh sh sh
$AllEventData = Foreach($Publisher in $Publishers){
    # Get the publisher's metadata, including its events and message strings, as XML
    [XML]$Events = wevtutil gp $Publisher /ge /gm:true /f:xml
    $Events.provider.events.event | Foreach {
        [PSCustomObject]@{
            event_id = $_.value
```