After I started to use Wazuh, around June 2022, I came across many pain points. Here, I recorded and grouped some of them together. There is no specific order, neither alphabetical nor by importance.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Set-Content -Path (Join-Path -Path $env:TEMP -ChildPath 'PsReadlineTest.txt') -Value 'Hello, world!' |
zbalkan
/ PATH_Cleanup.ps1
Created
May 19, 2024 13:40
This script checks the Machine and User level environment variable PATH, and remove entries if the path does not exist. Requires Administrator Privileges.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $environments = @([EnvironmentVariableTarget]::Machine, [EnvironmentVariableTarget]::User) | |
| foreach ($e in $environments) | |
| { | |
| $path = ([Environment]::GetEnvironmentVariable('Path', $e)).Split(';', [StringSplitOptions]::RemoveEmptyEntries) | |
| $pathList = [System.Collections.Generic.List[string]]::new() | |
| foreach ($p in $path) | |
| { | |
| if(Test-Path -Path $p) | |
| { |
zbalkan
/ New-SysmonArchiveQuota.ps1
Last active
November 8, 2024 13:13
If you use Sysmon and enabled FileDelete events started with Sysmon 11, you probably came up with the issue of instantly growing hidden archive. For those who have not solved the problem yet, I came up with a PowerShell cmdlet (run as SYSTEM) based on the article https://blog.nviso.eu/2022/06/30/enforcing-a-sysmon-archive-quota/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Requires -RunAsAdministrator | |
| <# | |
| .Synopsis | |
| Generates Sysmon Archive file quota for `File Delete` events to help managing the size. | |
| .DESCRIPTION | |
| Based on: https://blog.nviso.eu/2022/06/30/enforcing-a-sysmon-archive-quota/ | |
| .INPUTS | |
| None. Cmdlet does not accept pipe values. | |
| .OUTPUTS |
zbalkan
/ Uninstall OneNote Printer Driver.ps1
Last active
June 5, 2023 09:45
Source: https://superuser.com/a/1734476/1337449
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $officeFolder = Get-ChildItem -Path 'C:\Program Files\Microsoft Office\' -Filter Office* | Select-Object -ExpandProperty Name | |
| $currentPath = 'C:\Program Files\Microsoft Office\'+$officeFolder+'\OneNote' | |
| $newPath = 'C:\Program Files\Microsoft Office\'+$officeFolder+'\OneNoteOLD' | |
| Rename-Item $currentPath $newPath | |
| $drivers = pnputil /enum-drivers | |
| $drivers -split '\r?\n' | select-string -Pattern "prnms006.inf" -Context 1,0 | % { | |
| $pubName = $_.Context.PreContext[0] | |
| } |
zbalkan
/ Wazuh pain points.md
Last active
September 20, 2024 13:53
After I started to use Wazuh, around June 2022, I came across many pain points. Here, I recorded and grouped some of them together. There is no specific order, neither alphabetical nor by importance.
zbalkan
/ pysigma-wazuh-backend
Created
October 15, 2022 13:52
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| test |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Personal .nanorc config | |
| # Based on https://bash-prompt.net/guides/nanorc-settings/ | |
| # Non-default settings | |
| set atblanks # wrap line at blanks. | |
| set cutfromcursor # CTRL+K cuts from cursor position to end of line. | |
| #set nohelp # Disable the help information (CTRL+G to view the help screen). | |
| set softwrap # Enable softwrap of lines. | |
| set suspend # Enables CTRL+Z to suspend nano. | |
| #set tabsize 4 # Sets tab-to-spaces size to 4. |
zbalkan
/ Install-WmiFilters.ps1
Last active
July 18, 2023 11:17
Updated version of https://github.com/darkoperator/powershell_scripts/blob/master/install-wmifilters.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .Synopsis | |
| Script for creating WMI Filters for use with Group Policy Manager. | |
| .DESCRIPTION | |
| The Script will create several WMI Filters for filtering based on: | |
| - Processor Architecture. | |
| - If the Hosts is a Virtual Machine | |
| - Operating System Version. | |
| - Type of Operating System. | |
| - If Java is installed |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| .Synopsis | |
| Time-based One-Time Password Algorithm (RFC 6238) | |
| .DESCRIPTION | |
| Based on the script of Jon Friesen - https://gist.github.com/jonfriesen/234c7471c3e3199f97d5 | |
| .EXAMPLE | |
| Get-OTP -Secret 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567' # Default OTP length is 6 digits and period is 30 seconds | |
| .EXAMPLE | |
| totp -Secret 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567' # you can use totp or otp alias | |
| .EXAMPLE |
zbalkan
/ keybase.md
Created
January 15, 2022 14:11
I hereby claim:
- I am zbalkan on github.
- I am zbalkan (https://keybase.io/zbalkan) on keybase.
- I have a public key ASBBqweJA8AtahYGZFH_5frCdso79FPav7P4qXIcoLlVMAo
To claim this, I am signing this object:
NewerOlder