Endpoint Security: BitLocker Key Escrow to IT Glue

Relying on manual documentation for BitLocker recovery keys often results in locked data when an endpoint fails. This script automates the escrow process: it reads the RecoveryPassword protector from the OS volume and pushes it into the matching IT Glue configuration record via the REST API. Because the script runs on every endpoint, the IT Glue API key it carries is a high-value secret: inject it from your RMM's secure variable store rather than hardcoding it, and remember that the custom field is where anyone with read access to IT Glue can go to unlock any of your disks.

1. The Workflow

The script performs the following steps:

Extraction: Queries the BitLocker volume on the OS drive (via the BitLocker PowerShell module, which wraps the WMI Win32_EncryptableVolume class) for its 48-digit RecoveryPassword protector.
Authentication: Connects to the IT Glue API using an organizational API key sent in the x-api-key header.
Payload Delivery: Matches the local hostname to the IT Glue Configuration ID and PATCHes the "BitLocker Key" custom field with the extracted key.

2. The Implementation

```powershell
# IT Glue API Configuration (use the regional host for your tenant, e.g. api.eu.itglue.com)
$ITGKey     = "YOUR_ITGLUE_API_KEY"
$ITGBaseUrl = "https://api.itglue.com"
$Header = @{
    "x-api-key"    = $ITGKey
    "Content-Type" = "application/vnd.api+json"
}

# Extraction: a volume can carry more than one RecoveryPassword protector,
# so take the first and fail loudly if there is none.
$BitLocker   = Get-BitLockerVolume -MountPoint $env:SystemDrive
$RecoveryKey = ($BitLocker.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
    Select-Object -First 1).RecoveryPassword
if (-not $RecoveryKey) { throw "No RecoveryPassword protector found on $env:SystemDrive" }

# Match the local hostname to an IT Glue configuration record
$SearchUri    = "$ITGBaseUrl/configurations?filter[name]=$env:COMPUTERNAME"
$ConfigRecord = Invoke-RestMethod -Uri $SearchUri -Method Get -Headers $Header

# Require exactly one match so the key never lands on the wrong record
$MatchCount = @($ConfigRecord.data).Count
if ($MatchCount -ne 1) {
    throw "Expected one configuration named $env:COMPUTERNAME, got $MatchCount"
}

$Payload = @{
    data = @{
        type       = "configurations"
        attributes = @{
            "custom-fields" = @{
                "bitlocker-recovery-key" = $RecoveryKey
            }
        }
    }
} | ConvertTo-Json -Depth 10

Invoke-RestMethod -Uri "$ITGBaseUrl/configurations/$($ConfigRecord.data[0].id)" -Method Patch -Headers $Header -Body $Payload
```
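Two checks worth running before a key is escrowed: that the 48-digit string really is a well-formed BitLocker recovery password (each 6-digit group is divisible by 11 and the quotient fits in 16 bits, which is how the password encodes the 128-bit key; a mistyped or truncated digit almost always breaks this), and that the IT Glue lookup returned exactly one record whose name matches the host. The following is an added example, not code from the original post, written in Python so it runs offline on constructed input rather than against a live volume and tenant. The sample recovery password and the IT Glue response are constructed, and `attributes.name` is the assumed JSON:API field for the configuration name.

```python
"""Added example: sanity checks before escrowing a BitLocker recovery password."""
import json
import re
import struct

# 8 groups of 6 digits separated by '-'
RECOVERY_PASSWORD_RE = re.compile(r"^(\d{6})(?:-(\d{6})){7}$")


def recovery_password_to_key(password: str) -> bytes:
    """Validate a 48-digit BitLocker recovery password and return the 16 key
    bytes it encodes. Each group must be divisible by 11 and the quotient must
    fit in 16 bits; quotients are packed little-endian in order."""
    if not RECOVERY_PASSWORD_RE.match(password):
        raise ValueError("recovery password must be 8 groups of 6 digits separated by '-'")
    words = []
    for group in password.split("-"):
        value = int(group)
        if value % 11 != 0:
            raise ValueError(f"group {group} is not divisible by 11 (check digit failed)")
        word = value // 11
        if word > 0xFFFF:
            raise ValueError(f"group {group} exceeds the 16-bit range")
        words.append(word)
    return struct.pack("<8H", *words)


def select_configuration(response: dict, hostname: str) -> str:
    """Return the configuration id for this host from a filtered /configurations
    response. Requires exactly one record whose name equals the hostname
    (case-insensitive). 'attributes.name' is an assumed field path."""
    matches = [
        item for item in response.get("data", [])
        if item.get("attributes", {}).get("name", "").lower() == hostname.lower()
    ]
    if len(matches) != 1:
        raise LookupError(f"expected exactly one configuration named {hostname}, found {len(matches)}")
    return matches[0]["id"]


def build_patch_body(recovery_password: str, field_name: str = "bitlocker-recovery-key") -> str:
    """JSON:API PATCH body for the custom field, in the shape the post's script sends.
    Refuses to build a body for a malformed key."""
    recovery_password_to_key(recovery_password)
    body = {"data": {"type": "configurations",
                     "attributes": {"custom-fields": {field_name: recovery_password}}}}
    return json.dumps(body)


# Constructed sample data: a synthetic but well-formed recovery password and a
# response in which the name filter returned two records for one hostname.
SAMPLE_PASSWORD = "135795-720885-000011-440000-022220-344707-597531-000077"
SAMPLE_RESPONSE = {
    "data": [
        {"id": "1001", "type": "configurations", "attributes": {"name": "WS-FINANCE-01"}},
        {"id": "1002", "type": "configurations", "attributes": {"name": "WS-FINANCE-012"}},
    ]
}

if __name__ == "__main__":
    print(recovery_password_to_key(SAMPLE_PASSWORD).hex())
    print(select_configuration(SAMPLE_RESPONSE, "WS-FINANCE-01"))
    print(build_patch_body(SAMPLE_PASSWORD))
```

The divisibility rule is the check digit of the format: mutating any single digit of SAMPLE_PASSWORD makes recovery_password_to_key raise, which is what you want before a wrong key overwrites the one record that could have saved the disk.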

May 3, 2026 · 1 min · Alfred van Ster

Networking: Cisco Meraki Automated Configuration Backup

Meraki dashboards are convenient, but if an admin accidentally modifies a critical firewall rule, rolling back is a nightmare. This Python script uses the Meraki Dashboard API to serialize your network configurations into a JSON snapshot that you can diff and restore from. Treat the output as sensitive: SSID responses include pre-shared keys, so store the files with the same care as the API key itself.

1. The Workflow

The script performs the following steps:

Authentication: Initializes the Meraki SDK using a read-only API key.
Iteration: Loops through the Organization to find all active Networks.
Extraction: Pulls VLAN subnets, SSID configurations, and MX L3 Firewall rules.
Serialization: Dumps the state into a structured JSON file.

2. The Implementation

```python
import json
from datetime import datetime

import meraki

API_KEY = 'YOUR_MERAKI_API_KEY'   # a read-only key is sufficient for backups
ORG_ID = 'YOUR_ORG_ID'

dashboard = meraki.DashboardAPI(API_KEY, suppress_logging=True)


def backup_network_config():
    networks = dashboard.organizations.getOrganizationNetworks(ORG_ID)
    backup_data = {}
    for net in networks:
        net_id = net['id']
        net_name = net['name']
        product_types = net.get('productTypes', [])
        entry = {}
        # Appliance (MX) settings only exist on networks that contain an appliance;
        # asking for VLANs on a network with VLANs disabled raises an APIError.
        if 'appliance' in product_types:
            try:
                entry['vlans'] = dashboard.appliance.getNetworkApplianceVlans(net_id)
            except meraki.APIError:
                entry['vlans'] = None
            entry['l3_firewall_rules'] = dashboard.appliance.getNetworkApplianceFirewallL3FirewallRules(net_id)
        # Wireless (MR) settings; note the response contains SSID pre-shared keys
        if 'wireless' in product_types:
            entry['ssids'] = dashboard.wireless.getNetworkWirelessSsids(net_id)
        backup_data[net_name] = entry
    filename = f"meraki_backup_{datetime.now().strftime('%Y%m%d')}.json"
    with open(filename, 'w') as f:
        json.dump(backup_data, f, indent=4)
    return filename


if __name__ == '__main__':
    print(backup_network_config())
```
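A snapshot is only half of a rollback; the other half is seeing what changed. The following is an added example, not code from the original post: it diffs two snapshots in the shape the script above writes (network name, then section, then the API response) and reports every leaf that differs. The two sample snapshots are constructed; their field names follow the Meraki VLAN and L3 firewall rule responses, and the "today" snapshot carries exactly the accident the post worries about, a deny rule flipped to allow.

```python
"""Added example: diff two Meraki backup snapshots produced by the backup script."""
import copy
import json

_MISSING = object()


def flatten(value, prefix=""):
    """Flatten nested dicts/lists into {dotted.path: leaf}.

    List items that are dicts carrying an 'id' or 'number' (VLANs, SSIDs) are
    keyed by that field so reordering is not reported as a change; other lists
    (MX L3 firewall rules, where order is the policy) are keyed by position.
    """
    out = {}
    if isinstance(value, dict):
        for k, v in value.items():
            out.update(flatten(v, f"{prefix}{k}."))
    elif isinstance(value, list):
        for pos, item in enumerate(value):
            key = pos
            if isinstance(item, dict):
                for field in ("id", "number"):
                    if field in item:
                        key = f"{field}={item[field]}"
                        break
            out.update(flatten(item, f"{prefix}[{key}]."))
    else:
        out[prefix.rstrip(".")] = value
    return out


def diff_snapshots(old, new):
    """Return sorted (path, before, after) tuples for every leaf that differs.
    A leaf absent on one side is reported as None on that side."""
    a, b = flatten(old), flatten(new)
    changes = []
    for path in sorted(set(a) | set(b)):
        if a.get(path, _MISSING) != b.get(path, _MISSING):
            changes.append((path, a.get(path), b.get(path)))
    return changes


def diff_files(old_path, new_path):
    """Diff two JSON files written by backup_network_config()."""
    with open(old_path) as f_old, open(new_path) as f_new:
        return diff_snapshots(json.load(f_old), json.load(f_new))


# Constructed sample snapshots (made-up values; field names follow the Meraki API).
YESTERDAY = {
    "Branch Office": {
        "vlans": [
            {"id": 1, "name": "Default", "subnet": "192.168.128.0/24", "applianceIp": "192.168.128.1"},
            {"id": 10, "name": "Servers", "subnet": "10.10.10.0/24", "applianceIp": "10.10.10.1"},
        ],
        "l3_firewall_rules": {"rules": [
            {"comment": "Block guest to servers", "policy": "deny", "protocol": "any",
             "srcCidr": "192.168.128.0/24", "destCidr": "10.10.10.0/24", "destPort": "Any",
             "syslogEnabled": False},
            {"comment": "Default rule", "policy": "allow", "protocol": "Any",
             "srcCidr": "Any", "destCidr": "Any", "destPort": "Any", "syslogEnabled": False},
        ]},
    }
}
TODAY = copy.deepcopy(YESTERDAY)
# The accidental edit: the deny rule became an allow. A VLAN was also added.
TODAY["Branch Office"]["l3_firewall_rules"]["rules"][0]["policy"] = "allow"
TODAY["Branch Office"]["vlans"].append(
    {"id": 20, "name": "Guest", "subnet": "172.16.20.0/24", "applianceIp": "172.16.20.1"})

if __name__ == "__main__":
    for path, before, after in diff_snapshots(YESTERDAY, TODAY):
        print(f"{path}: {before!r} -> {after!r}")
```

Run against two dated files from the backup script with diff_files("meraki_backup_20260502.json", "meraki_backup_20260503.json"); a single line naming the rule path and its before/after policy is what an on-call engineer needs to revert the change in the dashboard.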

May 3, 2026 · 1 min · Alfred van Ster

SecOps: SentinelOne Global Threat Scraper

When a new 0-day vulnerability or a suspicious file hash is identified, waiting for a scheduled scan is not an option. This PowerShell tool utilizes the SentinelOne Management API to "scrape" the entire fleet for specific indicators of compromise (IOCs).

1. The Workflow

The script performs the following steps:

Authentication: Connects via API Token to the S1 Management Console.
Query: Requests a list of all endpoints where a specific file hash or process has been detected in the last 24 hours.
Reporting: Generates a CSV list of infected Hostnames, IP addresses, and the "Detection State" (Mitigated vs. Active).

2. The Implementation

```powershell
# S1 API Configuration
$ApiToken = "YOUR_API_TOKEN"
$BaseUrl  = "https://your-console.sentinelone.net/web/api/v2.1"
# v2.1 uses the "ApiToken" authorization scheme
$Header   = @{ "Authorization" = "ApiToken $ApiToken" }

# Define the threat hash to hunt for. This value is the SHA-256 of empty input and is
# only a placeholder; replace it with the real IOC (check the API reference for which
# hash algorithms the contentHashes filter accepts).
$TargetHash = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

# Restrict to threats created in the last 24 hours, as the workflow describes
$Since = (Get-Date).ToUniversalTime().AddHours(-24).ToString("yyyy-MM-ddTHH:mm:ssZ")
$Query = "contentHashes=$TargetHash&createdAt__gte=$Since&limit=1000"

# Search the console, following the pagination cursor so a large fleet is not truncated
$Results = @()
$Uri = "$BaseUrl/threats?$Query"
do {
    $Response = Invoke-RestMethod -Uri $Uri -Method Get -Headers $Header
    if ($Response.data) { $Results += @($Response.data) }
    $Cursor = $Response.pagination.nextCursor
    $Uri = if ($Cursor) { "$BaseUrl/threats?$Query&cursor=$Cursor" } else { $null }
} while ($Uri)

if ($Results.Count -gt 0) {
    Write-Host "ALERT: $($Results.Count) threat record(s) match the target hash!" -ForegroundColor Red
    # v2.1 nests the fields; mitigationStatus separates Mitigated from Active
    $Results | Select-Object `
        @{ n = 'computerName';     e = { $_.agentRealtimeInfo.agentComputerName } },
        @{ n = 'detectedAt';       e = { $_.threatInfo.createdAt } },
        @{ n = 'threatName';       e = { $_.threatInfo.threatName } },
        @{ n = 'mitigationStatus'; e = { $_.threatInfo.mitigationStatus } } |
        Export-Csv -Path "./ThreatReport.csv" -NoTypeInformation
} else {
    Write-Host "Clear: No matches found for the target hash." -ForegroundColor Green
}
```
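Two parts of a hunt like this are easy to get wrong and cheap to test offline: the IOC list handed to the API (mixed case, "sha256:" prefixes, duplicates, non-hashes, and the digest of empty input that matches nothing real) and the per-endpoint Mitigated-vs-Active rollup, since one host can carry several threat records. The following is an added example, not code from the original post, written in Python so it runs on constructed input; the field paths agentRealtimeInfo.agentComputerName, threatInfo.threatName and threatInfo.mitigationStatus are assumed from the v2.1 threat object and the sample records and hashes are constructed.

```python
"""Added example: IOC normalisation and per-endpoint rollup for a SentinelOne hash hunt."""
import csv
import io
import re
from collections import defaultdict

HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}
_HEX = re.compile(r"^[0-9a-f]+$")
# Digests of empty input: well-formed, but they can never identify a real file.
EMPTY_INPUT_DIGESTS = {
    "d41d8cd98f00b204e9800998ecf8427e",
    "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
}


def normalise_iocs(raw):
    """Lower-case, strip 'algo:' prefixes, deduplicate and reject anything that is
    not a well-formed MD5/SHA-1/SHA-256 hex digest or is a digest of empty input.
    Returns ({hash_type: sorted hashes}, rejected tokens in input order)."""
    by_type = defaultdict(set)
    rejected = []
    for token in raw:
        h = token.strip().lower()
        if ":" in h:
            h = h.split(":", 1)[1]
        kind = HASH_TYPES.get(len(h))
        if kind is None or not _HEX.match(h) or h in EMPTY_INPUT_DIGESTS:
            rejected.append(token)
            continue
        by_type[kind].add(h)
    return {k: sorted(v) for k, v in by_type.items()}, rejected


def summarise_threats(threats):
    """Roll threat records up per endpoint: a host is 'active' if any of its
    threats is not mitigated, otherwise 'mitigated'. Active hosts sort first."""
    hosts = {}
    for t in threats:
        name = t["agentRealtimeInfo"]["agentComputerName"]   # assumed field path
        status = t["threatInfo"]["mitigationStatus"]         # assumed field path
        row = hosts.setdefault(name, {"computerName": name, "state": "mitigated", "threats": set()})
        row["threats"].add(t["threatInfo"]["threatName"])   # assumed field path
        if status != "mitigated":
            row["state"] = "active"
    return sorted(hosts.values(), key=lambda r: (r["state"] != "active", r["computerName"]))


def to_csv(rows):
    """Render the rollup as CSV text (one line per endpoint)."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["computerName", "state", "threats"])
    writer.writeheader()
    for r in rows:
        writer.writerow({**r, "threats": ";".join(sorted(r["threats"]))})
    return buf.getvalue()


# Constructed sample input: a messy IOC list and three threat records on two hosts.
SAMPLE_IOCS = [
    "SHA256:0123456789ABCDEF0123456789abcdef0123456789ABCDEF0123456789abcdef",
    " 5d41402abc4b2a76b9719d911017c592 ",
    "md5:5D41402ABC4B2A76B9719D911017C592",   # duplicate of the line above
    "aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d",
    "not-a-hash",
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
]
SAMPLE_THREATS = [
    {"agentRealtimeInfo": {"agentComputerName": "WS-HR-07"},
     "threatInfo": {"threatName": "dropper.exe", "mitigationStatus": "not_mitigated"}},
    {"agentRealtimeInfo": {"agentComputerName": "WS-HR-07"},
     "threatInfo": {"threatName": "loader.dll", "mitigationStatus": "mitigated"}},
    {"agentRealtimeInfo": {"agentComputerName": "SRV-FILE-01"},
     "threatInfo": {"threatName": "dropper.exe", "mitigationStatus": "mitigated"}},
]

if __name__ == "__main__":
    iocs, rejected = normalise_iocs(SAMPLE_IOCS)
    print(iocs, rejected)
    print(to_csv(summarise_threats(SAMPLE_THREATS)))
```

Before issuing the query, check the console's API reference for which hash types the contentHashes filter accepts and send only that bucket of the normalised dictionary; the rejected list is what you hand back to whoever supplied the IOCs.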

January 10, 2026 · 1 min · Alfred van Ster