Skip to content

Instantly share code, notes, and snippets.

View AlexAsplund's full-sized avatar

Alex Asplund AlexAsplund

30 followers · 1 following
  • Sweden
View GitHub Profile
@AlexAsplund
AlexAsplund / Get-EventInformation.ps1
Last active April 28, 2023 03:51
$Publishers = wevtutil ep
# Mååånga fel, antagligen pga. att inte eventet är dokumenterat OK hos provider
$ErrorActionPreference = "SilentlyContinue" # Shh sh sh
$AllEventData = Foreach($Publisher in $Publishers){
[XML]$Events = wevtutil gp $Publisher /ge /gm:true /f:xml
$Events.provider.events.event | Foreach {
[PSCustomObject]@{
event_id = $_.value
@AlexAsplund
AlexAsplund / ad-events.csv
Created April 8, 2020 10:15
event_id potential_criticality event_summary
4618 High A monitored security event pattern has occurred.
4649 High A replay attack was detected. May be a harmless false positive due to misconfiguration error.
4719 High System audit policy was changed.
4765 High SID History was added to an account.
4766 High An attempt to add SID History to an account failed.
4794 High An attempt was made to set the Directory Services Restore Mode.
4897 High Role separation enabled:
4964 High Special groups have been assigned to a new logon.
5124 High A security setting was updated on the OCSP Responder Service
@AlexAsplund
AlexAsplund / Add-OpsGenieUser.ps1
Created January 8, 2020 15:55
Function Add-OpsGenieUser {
[cmdletbinding()]
param(
[parameter(mandatory)]
[string]$UserName,
[parameter(mandatory)]
[string]$FullName,
[parameter(mandatory)]
@AlexAsplund
AlexAsplund / Get-AzureADAlertsToGraylog.ps1
Created October 30, 2019 12:24
param(
# User = ClientId Pass = Secret
[parameter(Mandatory)]
[PSCredential]$Credential,
[parameter(Mandatory)]
$TenantName
[parameter(Mandatory)]
$GelfServer
@AlexAsplund
AlexAsplund / Send-AdhcResultToPrtg.ps1
Created September 1, 2019 17:12
$PRTGUrl = "http://prtg.contoso.com:5050/"
#################################
# Functions
#################################
function New-PRTGResult {
param(
[string]$Channel,
[string]$Value,
[string]$Float,
@AlexAsplund
AlexAsplund / ADHealthCheck-NoReport.ps1
Last active June 17, 2023 01:58
<#
Author: Alex Asplund
Description:
Will perform a series of health checks on AD.
Designed to be ran on a Domain Controller as a Domain Admin
Uses WSMAN, LDAP, RPC etc to speak to other DomainControllers.
#>
@AlexAsplund
AlexAsplund / New-AdhcResult
Last active September 26, 2019 17:42
Function New-AdhcResult {
[cmdletbinding()]
param(
# Source of the result. The computer that was tested
[parameter(ValueFromPipelineByPropertyName)]
[string]$Source = $env:COMPUTERNAME,
# Name of the test
[parameter(Mandatory,ValueFromPipelineByPropertyName)]
[string]$TestName,
@AlexAsplund
AlexAsplund / Test-AdhcDcDiag.ps1
Last active April 28, 2023 03:41
Class AdhcResult {
[string]$Source
[string]$TestName
[bool]$Pass
$Was
$ShouldBe
[string]$Category
[string]$Message
$Data
[string[]]$Tags
@AlexAsplund
AlexAsplund / Copy-CustomADUser.ps1
Created May 29, 2019 22:57
<#
.Synopsis
Kopierar en användare
.DESCRIPTION
Kopierar en användare med hjälp av en hashtable för mappning av attributer.
Hashtable ska vara enligt format @{>SourceUserAttribute> = <New-ADUser parametername>}
Exempel:
$Hashtable = @{
mail = 'EmailAddress'
@AlexAsplund
AlexAsplund / Send-AzureIdentityRiskLogsToGelf.ps1
Last active March 22, 2019 08:05
<#
.SYNOPSIS
Pulls Azure Identity Risk logs and sends them to a gelf-server through TCP.
.DESCRIPTION
Pulls Azure Identity Risk logs and sends them to a gelf-server.
Requires the PSGelf module (Install-Module -Name PSGELF).
AppCredentials should be supplied as Credential object with AppID as username and AppKey as password.
.EXAMPLE
PS C:\> .\Script.ps1 -AppCredential $Credential -TenantName mytenant.onmicrosoft.com -GelfServer gelf.domain.com -GelfPort <portnumber>
Explanation of what the example does