Azure Sentinel-related PowerShell scripts
CreateSentinelExportRule.ps1 creates an export rule that automates the backup of Azure Sentinel tables. See: How to Automate the Backup of Azure Sentinel Tables to Blob Storage Using PowerShell
DeleteSentinelExportRule.ps1 deletes the export rule created by CreateSentinelExportRule.ps1. See: How to Automate the Backup of Azure Sentinel Tables to Blob Storage Using PowerShell
ExportEventstoCSV.ps1 exports security events from a server/PC to a CSV that can then be imported to the Log Analytics workspace as a custom log for Azure Sentinel. For details, see: Exporting Events from Disconnected Systems to Ingest into Azure Sentinel
ExportSentinelTable.ps1 exports an entire Azure Sentinel table from Log Analytics and saves it locally to a .csv file. The save path is "C:\SentinelTables" and the file is named Tablename-date.csv. Set $TableName to the table you want to export and $WorkspaceID to your own Log Analytics workspace ID. For details, see: Export and Backup Azure Sentinel Tables Using PowerShell
Get-LogicApp2JSON.ps1 requires the LogicAppTemplate module from the PowerShell gallery. Installation: PS> Install-Module -Name LogicAppTemplate
GetTalosIPfeed.ps1 retrieves the current Talos IP list and writes it to a text file named c:\feeds\Talos.txt. The file can then be imported into Azure Sentinel as threat intelligence (TI).
ListExportRules.ps1 generates the list of export rules created by CreateSentinelExportRule.ps1. See: How to Automate the Backup of Azure Sentinel Tables to Blob Storage Using PowerShell
SetMMASettings.ps1 configures the MMA/Log Analytics client for WorkSpaceID, WorkSpaceKey, and Proxy URL.
ShodanScannerIPs.ps1 retrieves the current Shodan scanner IPs list and writes it to a text file named c:\feeds\RootShodanIP.txt.
TORExitNodeList.ps1 retrieves the current TOR Exit Node list and writes it to a text file named c:\feeds\TORExitNodeList.txt. The file can then be imported into Azure Sentinel as threat intelligence (TI).