Kyle Kyleslav
Kyleslav
/ install_sysmon.bat
Created
July 21, 2020 16:57
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @ECHO OFF | |
| if not exist "c:\windows\sysmon\" mkdir "c:\windows\sysmon\" | |
| fc c:\windows\sysmon\sysmon_config.xml "\\NETWORK_PATH\sysmon\sysmon_config.xml" > nul | |
| If "%ERRORLEVEL%" GEQ "1" ( | |
| copy /z /y "\\NETWORK_PATH\sysmon\sysmon_config.xml" "C:\windows\sysmon\" | |
| sysmon64 -c c:\windows\sysmon\sysmon_config.xml | |
| sc query "Sysmon64" | Find "RUNNING" | |
| If "%ERRORLEVEL%" EQU "1" ( |
Kyleslav
/ install_winlogbeat_updated.ps1
Created
July 21, 2020 16:49
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Expand-Archive -LiteralPath \\NETWORK_PATH\winlogbeat-7.8.0-windows-x86_64.zip -DestinationPath 'c:\program files' | |
| $workdir = 'c:\program files\winlogbeat-7.8.0-windows-x86_64' | |
| Set-Location -Path $workdir | |
| Remove-Item winlogbeat.yml | |
| Copy-Item \\NETWORK_PATH\winlogbeat.yml -Destination winlogbeat.yml | |
| if (Get-Service winlogbeat -ErrorAction SilentlyContinue) { | |
| $service = Get-WmiObject -Class Win32_Service -Filter "name='winlogbeat'" | |
| $service.StopService() | |
| Start-Sleep -s 1 | |
| $service.delete() |