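#Requires -RunAsAdministrator
<#
.SYNOPSIS
    Installs (or reinstalls) Sysmon64 with a community rule set.
.DESCRIPTION
    Downloads Sysmon.zip from Sysinternals and the olafhartong sysmon config,
    verifies both, removes any existing Sysmon64 install, and installs the
    fresh driver with the downloaded rules.

    Sysmon runs as a kernel driver + service, so the downloaded inputs are
    treated as untrusted until checked:
      * Sysmon64.exe must carry a valid Microsoft Authenticode signature.
      * The config XML is SHA-256 pinned when $SysmonConfigSha256 is set.
    Downloads and checks happen BEFORE the old install is removed, so a
    failed download or a failed check never leaves the host without Sysmon.
.NOTES
    64-bit only (Sysmon64.exe). Needs outbound HTTPS to
    download.sysinternals.com and raw.githubusercontent.com.
    Any failure aborts the script ($ErrorActionPreference = 'Stop');
    the staging directory is always removed.
#>

$SysmonURI = "https://download.sysinternals.com/files/Sysmon.zip"
# Unpredictable staging directory under the caller's own TEMP. A fixed path
# such as C:\sysmon-temp can be pre-created by a lower-privileged user
# (Authenticated Users may create folders in the C:\ root), which would let
# that user swap Sysmon64.exe between extraction and execution.
$TempFolder = Join-Path $env:TEMP ("sysmon-install-" + [guid]::NewGuid().ToString())
$LocalFilePath = Join-Path $TempFolder "sysmon.zip"
# NOTE(review): 'master' is a moving target. Pin the URL to a tag or commit
# SHA and set $SysmonConfigSha256 so a changed rule set cannot be pushed to
# every host that runs this script.
$SysmonConfigFileURI = "https://raw.githubusercontent.com/olafhartong/sysmon-configs/master/sysmonconfig-v10.xml"
# Expected SHA-256 (hex) of the config file; an empty string skips the check.
$SysmonConfigSha256 = ""
$LocalRulesFilePath = "C:\Windows\sysmon.xml"
# Location Sysmon installs itself to; its presence means a previous install.
$InstalledSysmonExe = "C:\Windows\Sysmon64.exe"

$ErrorActionPreference = 'Stop'
# The Invoke-WebRequest progress bar makes large downloads very slow.
$ProgressPreference = 'SilentlyContinue'
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Runs sysmon64 with the given arguments and fails if it reports an error.
# ExePath is an absolute path so nothing is resolved through PATH.
function Invoke-Sysmon {
    param(
        [Parameter(Mandatory)] [string] $ExePath,
        [Parameter(Mandatory)] [string[]] $Arguments
    )
    $proc = Start-Process -FilePath $ExePath -ArgumentList $Arguments `
        -WorkingDirectory (Split-Path -Parent $ExePath) -Wait -PassThru
    if ($proc.ExitCode -ne 0) {
        throw "'$ExePath $($Arguments -join ' ')' exited with code $($proc.ExitCode)"
    }
}

try {
    Write-Host "Downloading Sysmon and configuration..."
    New-Item -Path $TempFolder -ItemType Directory | Out-Null
    # Stage the config next to the zip; it is only copied to C:\Windows
    # after it has been verified.
    $StagedRulesPath = Join-Path $TempFolder "sysmon.xml"
    Invoke-WebRequest -Uri $SysmonConfigFileURI -OutFile $StagedRulesPath
    Invoke-WebRequest -Uri $SysmonURI -OutFile $LocalFilePath
    Expand-Archive -Path $LocalFilePath -DestinationPath $TempFolder

    # ---- Verify before touching the existing install ----
    if ($SysmonConfigSha256) {
        $actualHash = (Get-FileHash -Path $StagedRulesPath -Algorithm SHA256).Hash
        if ($actualHash -ne $SysmonConfigSha256.ToUpperInvariant()) {
            throw "Config hash mismatch: expected $SysmonConfigSha256, got $actualHash"
        }
    }
    # Refuse to install a driver that does not carry a valid Microsoft
    # Authenticode signature (a tampered download or a mirror swap).
    $StagedSysmonExe = Join-Path $TempFolder "Sysmon64.exe"
    $sig = Get-AuthenticodeSignature -FilePath $StagedSysmonExe
    if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notlike '*Microsoft Corporation*') {
        throw "Sysmon64.exe signature check failed (status: $($sig.Status), signer: $($sig.SignerCertificate.Subject))"
    }

    if (Test-Path $InstalledSysmonExe) {
        Write-Host "Uninstalling Sysmon"
        Invoke-Sysmon -ExePath $InstalledSysmonExe -Arguments @('-u')
    }

    Write-Host "Installing Sysmon..."
    Copy-Item -Path $StagedRulesPath -Destination $LocalRulesFilePath -Force
    Invoke-Sysmon -ExePath $StagedSysmonExe -Arguments @('-accepteula', '-i', $LocalRulesFilePath)
    Write-Host "Installation Complete"
}
finally {
    # Always clean the staging directory, including on failure.
    if (Test-Path $TempFolder) {
        Remove-Item -Path $TempFolder -Recurse -Force
    }
}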