rebrec
rebrec
/ Watch_MECM_Deployment_For_Device.ps1
Created
September 11, 2024 07:24
Monitor MECM Deployment progress for specific device
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Extract Deployment information from MECM (SCCM) through WMI for a specific device. | |
| # Useful to monitor specific devide deployment current progression state or to get some history informations | |
| $ComputerName = "VM-XXX" # computer to find deployment information | |
| $ExecutionTime = '20240327100900.000000+000' # date of the oldest log to extract | |
| $SiteCode = "XYZ" | |
| pushd "$($SiteCode):" | |
| $steps = Get-WmiObject -ComputerName "srv-mecm-01" -Namespace "Root\SMS\site_$SiteCode" -Query "Select * from SMS_TaskSequenceExecutionStatus Where ResourceID='$(get-cmdevice -name $Computername -Fast | select -ExpandProperty ResourceId)' AND ExecutionTime > '$ExecutionTime'" ` |
rebrec
/ gist:b9ed038bf70ea68018a369051d5ea5d5
Created
February 12, 2026 15:00
[MS DEFENDER KQL] Display Alert details in an easy to read Row format (get mail info, attachements, urls, etc)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| let maliciousTitles = dynamic(["Malicious URL Click", "Potentially malicious URL"]); | |
| let MaliciousUrlClickAlerts = AlertInfo | |
| | where Title has_any(maliciousTitles) | |
| | project AlertId; | |
| // | |
| let AlertDetails = AlertInfo | |
| | where AlertId in (MaliciousUrlClickAlerts) | |
| | project AlertId, AlertTimestamp = Timestamp, Title, Severity, Category; | |
| // | |
| let interestingNIDs = AlertEvidence |
OlderNewer