Daniel dstreefkerk

View GitHub Profile
@dstreefkerk
dstreefkerk / sigma_converter.py
Created April 16, 2025 10:30
POC code only. Do not use.
"""
Sigma to Microsoft Sentinel KQL Converter
-----------------------------------------
This script converts Sigma detection rules to Microsoft Sentinel KQL (Kusto Query Language) format
using the SOC Prime translation service.
SOC Prime, Inc (https://socprime.com) provides the translation API (uncoder.io) that powers this converter.
This script is a client for that service and is not affiliated with or endorsed by SOC Prime, Inc.
@dstreefkerk
dstreefkerk / azure-mgmt-securityinsight-api-reference.md
Last active April 14, 2025 23:22
LLM-generated documentation for the Azure Management SecurityInsight SDK for Python

MCP Safety Audit: Gas Stoves with Manual Cooking Protocol Allow Major Burn Vulnerabilities

Executive Summary
Gas stoves, which operate under the legacy Manual Cooking Protocol (MCP), have been found to allow users to willingly place their hands on active burners, resulting in severe thermal compromise. Despite long-standing warnings, manufacturers continue to ship these devices with unrestricted flame access and no built-in user safety interlocks.

Key Findings

  • No Authentication for Ignition: Any user, regardless of clearance or training, can initiate flame generation with a simple knob twist.
  • Direct Contact Vulnerability: Users can directly touch the burner while it's active. No safeguards prevent this. Zero.
  • Lack of User Behaviour Sandboxing: The system permits reckless multi-tasking, such as reaching over multiple lit burners to grab a spice jar.
  • No Real-Time Alerting: Burn events are not logged, monitored, or alerted. Incident response relies on screaming.
@dstreefkerk
dstreefkerk / opinsights-all.kql
Last active February 12, 2025 04:44
Azure Resource Graph Query - Retrieve details of all accessible Sentinel-enabled Operational Insights Workspaces
// This query retrieves all Microsoft Sentinel-enabled Log Analytics workspaces the user has access to.
// It checks for Sentinel by looking for the 'SecurityInsights' solution in 'Microsoft.OperationsManagement/solutions'.
// The join is done using the full resource ID of the workspace.
resources
| where type == "microsoft.operationalinsights/workspaces"
| extend workspaceId = tostring(properties.customerId), workspaceName = name, workspaceResourceId = tolower(id)
| join kind=leftouter (
    resources
    | where type == "microsoft.operationsmanagement/solutions"
@dstreefkerk
dstreefkerk / oob_update.json
Last active January 9, 2025 23:29 — forked from bisskar/oob_update.json
This ARM template deploys an Azure Logic App workflow designed to notify users about updates to Microsoft Sentinel analytic rules.
{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "NamePrefix": {
            "defaultValue": "",
            "type": "String",
            "metadata": {
                "description": "Optional prefix to prepend to all resource names for easy identification."
            }
# PowerShell script in response to this:
# https://github.com/hattonsec/hattonsec.github.io/commit/1d78938bf324fac1a68d89f83e8d6dcd785ac8bd#diff-0eb547304658805aad788d320f10bf1f292797b5e6d745a3bf617584da017051R838
$BaseUrl = "https://log[.]linpeas[.]sh" # defanged. Don't actually do this, I just generated this script for the lolz
# Need the lyrics in a text file somewhere
$rick = Get-Content C:\temp\rick.txt | Where-Object {-not [string]::IsNullOrWhiteSpace($_)}
foreach ($roll in $rick) {
$uuid = [guid]::NewGuid().guid -replace '-',''
@dstreefkerk
dstreefkerk / profile.ps1
Last active October 15, 2024 23:19
PowerShell profile function and alias to copy the current folder's filenames to clipboard
<#
.SYNOPSIS
Retrieves file names from the current folder and copies them to the clipboard.
Drop this function and the alias definition into your PowerShell profile file to make it available in every PowerShell session.
.EXAMPLE
Get-FileNamesFromCurrentFolder -Recurse
Recursively gets all file names from the current folder and subfolders, copying them to the clipboard.
@dstreefkerk
dstreefkerk / gist:ffb233ce57585818f3887b63b6310188
Created March 27, 2024 00:55
List conditional access policies via PowerShell, including if they apply to MS Admin Portals (CIS Azure Foundations 1.2.7)
# First, connect to Microsoft Graph
Connect-MgGraph -Scopes "Policy.Read.All", "Directory.Read.All"
# Retrieve all Conditional Access policies
$policies = Get-MgIdentityConditionalAccessPolicy
# Iterate through each policy
foreach ($policy in $policies) {
[pscustomobject]@{
ID = $policy.Id
@dstreefkerk
dstreefkerk / Export-CrowdGroupData.ps1
Last active December 9, 2023 06:49
Script to retrieve and export group data from Atlassian Crowd via REST API.
<#
.SYNOPSIS
Retrieves and exports group data from Atlassian Crowd via REST API.
.DESCRIPTION
The Get-CrowdData function is designed to interact with the Atlassian Crowd REST API to retrieve group and group membership data from a specified Crowd Directory.
It requires the Crowd Base URL and Directory ID as inputs. Optionally, you can specify an output path to save the exported data; if not specified, it defaults to the user's profile directory.
Based on API documentation from here: https://docs.atlassian.com/atlassian-crowd/5.2.1/REST/
@dstreefkerk
dstreefkerk / invite-entra-guests-msgraph.ps1
Created December 7, 2023 04:05
Invite Entra ID Guests with a customised message body and a specific CC recipient using Invoke-MgGraphRequest
# Connect to Microsoft Graph
Connect-MgGraph -Scopes "User.Invite.All"
# Microsoft Graph API endpoint for invitations
$graphApiUrl = "https://graph.microsoft.com/v1.0/invitations"
# Create the invitation object
$invitation = @{
invitedUserDisplayName = "Daniel Streefkerk"
invitedUserEmailAddress = "[email protected]"