Skip to content

Instantly share code, notes, and snippets.

View romero126's full-sized avatar

romero126

17 followers · 2 following
View GitHub Profile
@santisq
santisq / ADX Log Parsing.md
Last active March 27, 2025 18:56

Setup new Azure Data Explorer Table from MyAADLogs

This document details the steps needed to create a new Azure Data Explorer table for ingested logs from Azure Active Directory.

All ingested logs from AAD are written to a table in ADX named MyAADLogs, this table is overwritten over and over thus the need to create a parsing function which is used to filter the new ingested logs by their category and construct new records out of it to then write them to their corresponding tables.

Query MyAADLogs Table

First step is to query the MyAADLogs table filtering by the record.category property and expanding those properties of interest from each record. We can query the same logs using Log Analytics for comparison. For example, for NonInteractiveUserSignInLogs:

@JPMonglis
JPMonglis / gzipCompress.ps1
Last active July 26, 2024 13:50
Compress gzip with Powershell
function Compress-Data
{
<#
.Synopsis
Compresses data
.Description
Compresses data into a GZipStream
.Link
Expand-Data
.Link
@nwolverson
nwolverson / PowerShell.ps1
Created December 17, 2013 10:52
function Get-VisualChildren($item) {
for ($i = 0; $i -lt [System.Windows.Media.VisualTreeHelper]::GetChildrenCount($item); $i++) {
$child = [System.Windows.Media.VisualTreeHelper]::GetChild($item, $i)
Get-VisualChildren($child)
}
$item
}
function Get-TreeItems {
Get-VisualChildren $snoopui | ? { $_.GetType().Name -eq "ProperTreeViewItem" }