This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
blacklist1 = \bEventCode=(4662|566)\b[\s\S]*?\bObject Type:\s+(?!groupPolicyContainer)\b | |
blacklist2 = \bEventCode=(4656|4670|4663|4703|4658|4688)\b[\s\S]*?\bAccount Name:\s*([^\s\$]+[^\s\$])\b | |
blacklist3 = \bEventCode=4624\b[\s\S]*?\bAn account was successfully logged on(\n|\r)*\b | |
blacklist4 = \bEventCode=(4688|4689)\b[\s\S]*?\bProcess Name:\s*(?i)(?:[C-F]:\\Program Files\\Splunk(?:UniversalForwarder)?\\bin\\(?:btool|splunkd|splunk|splunk\-(?:MonitorNoHandle|admon|netmon|perfmon|powershell|regmon|winevtlog|winhostinfo|winprintmon|wmi|optimize))\.exe)\b | |
blacklist5 = \bEventCode=6278\b[\s\S]*?\bNetwork Policy Server granted full access to a user because the host met the defined health policy.\b |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
blacklist1 = EventCode="(4662|566)" Message="Object Type:\s+(?!groupPolicyContainer)" | |
blacklist2 = EventCode="(4656|4670|4663|4703|4658|4688)" Message="Account Name:\s*([^\s\$]+[^\s\$])" | |
blacklist3 = EventCode="4624" Message="An account was successfully logged on(\n|\r)*" | |
blacklist4 = EventCode="(4688|4689)" Message="Process Name:\s*(?i)(?:[C-F]:\\Program Files\\Splunk(?:UniversalForwarder)?\\bin\\(?:btool|splunkd|splunk|splunk\-(?:MonitorNoHandle|admon|netmon|perfmon|powershell|regmon|winevtlog|winhostinfo|winprintmon|wmi|optimize))\.exe)" | |
blacklist5 = EventCode="6278" Message="Network Policy Server granted full access to a user because the host met the defined health policy." |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[source::WinEventLog:System] | |
SEDCMD-clean_info_text_from_winsystem_events_this_event = s/This event is generated[\S\s\r\n]+$//g | |
[source::WinEventLog:Security] | |
SEDCMD-windows_security_event_formater = s/(?m)(^\s+[^:]+\:)\s+-?$/\1/g | |
SEDCMD-windows_security_event_formater_null_sid_id = s/(?m)(:)(\s+NULL SID)$/\1/g s/(?m)(ID:)(\s+0x0)$/\1/g | |
SEDCMD-cleansrcip = s/(Source Network Address: (\:\:1|127\.0\.0\.1))/Source Network Address:/ | |
SEDCMD-cleansrcport = s/(Source Port:\s*0)/Source Port:/ | |
SEDCMD-remove_ffff = s/::ffff://g | |
SEDCMD-clean_info_text_from_winsecurity_events_certificate_information = s/Certificate information is only[\S\s\r\n]+$//g |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$compACMEChall = Complete-ACMEChallenge $domain -ChallengeType dns-01 -Handler manual | |
$dnsRRName = ($compACMEChall.Challenges | Where-Object {$_.Type -eq "dns-01"}).Challenge.RecordName | |
$dnsRRValue = ($compACMEChall.Challenges | Where-Object {$_.Type -eq "dns-01"}).Challenge.RecordValue | |
$rs = New-AzureRmDnsRecordSet -Name $dnsRRName -RecordType TXT -Ttl 60 -ZoneName $url -ResourceGroupName $RGName | |
Add-AzureRmDnsRecordConfig -RecordSet $rs -Value $dnsRRValue | |
Set-AzureRmDnsRecordSet -RecordSet $rs |