forked from mrebeschini/elastic-siem-workshop
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathinit-script-windows.txt
23 lines (18 loc) · 1.24 KB
/
init-script-windows.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
<powershell>
$SrcUri = "https://raw.githubusercontent.com/mrebeschini/elastic-siem-workshop/master/"
$HomeDir = "C:\Users\Administrator\Elastic\"
$TempDir = "C:\Windows\Temp\"
New-Item -Path $HomeDir -Type directory
Invoke-Expression "Set-MpPreference -DisableRealtimeMonitoring 1"
Invoke-Expression "Set-MpPreference -ExclusionPath C:\Users\Administrator\Elastic"
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Invoke-WebRequest -Uri "$SrcUri/beats-install.ps1" -OutFile "$HomeDir\beats-install.ps1"
Invoke-WebRequest -Uri "$SrcUri/sysmon-install.ps1" -OutFile "$HomeDir\sysmon-install.ps1"
Invoke-WebRequest -Uri "https://www.python.org/ftp/python/2.7.17/python-2.7.17.amd64.msi" -OutFile "$TempDir\python.msi"
$MSIArguments = $("/i", "$TempDir\python.msi", "/qn", "/norestart", "ADDLOCAL=ALL")
Start-Process "msiexec.exe" -ArgumentList $MSIArguments -Wait -NoNewWindow
Invoke-WebRequest -Uri "https://github.com/endgameinc/RTA/archive/master.zip" -OutFile "$TempDir\RTA.zip"
Expand-Archive -Path "$TempDir\RTA.zip" -DestinationPath $HomeDir\
Remove-Item -Recurse -Force "C:\Users\Administrator\eclipse-workspace"
</powershell>
<persist>true</persist>