This example uses PowerShell to write a JSON data file into Log Analytics (and Microsoft Sentinel).
Note this uses a second function "Get-Signature" for signing the data being written to the workspace. That function can be viewed here:
PowerShell Function - Create Signature for writing Log Analytics data | Laurie Rhodes' Info
This code snippet demonstrates how to run a Kusto query against Azure Data Explorer (ADX) using PowerShell.
The code snippet below shows how to run Resource Graph queries with PowerShell. The example uses a custom PowerShell class that may be used for streaming objects back to a Log Analytics workspace.
Azure’s ARM templates have been a rite of passage for all Azure engineers. No one who has been working with the cloud at any depth will be without late-night stories of frustration. The Azure Resource Manager is a service that accepts specially constructed JSON templates and uses those templates to provision each object represented within.
Every object in Azure is identified by a unique, hierarchy-based Resource ID.
Every object type has an associated range of different API versions that act as different schemas for that object type.
This example uses PowerShell and REST for connecting to the Azure Management API for managing the cloud platform.
This example uses the Password grant type (Username and Password) for connecting to Azure.
Azure allows Virtual Machine extension objects to be attached to provisioned virtual machines. As they are objects, they may be declared directly with Resource Manager templates.
Using Azure's Point-to-site vpn avoids having to expose ssh or winrm ports to the internet to get onto the systems.
Before a Point-to-site VPN can be established, a Virtual Network Gateway must be created. This will be associated with the Virtual Network that will be accessible.
Access to the network will be controlled by certificates.
This PowerShell code snippet creates an Azure AD application registration with an associated SPN and self-signed certificate for Azure authentication.
I've used this for generating certificates that Virtual Machines can use for authenticating to Azure as an alternative to Managed Identities.
All virtual machine disks are accessible by WebAPI off their underlying Storage volume (either through Storage Account Access or through Snapshot usage with Managed Disks). In the case of Storage Accounts, a single factor of access exists for retrieval of disk Images from the internet (knowledge of URI and Storage Account key). Different controls may be implemented to reduce the threat of data loss. Core to these controls is the requirement for all data to be encrypted at REST.