trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Adding timestamps to scripts, Vagrantfile_prebuilt, logo

Browse Source
This commit is contained in:
Chris Long
2019-05-06 09:26:59 -07:00
parent 5a6c5408b0
commit 1261c0dfd8
31 changed files with 272 additions and 170 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
Vagrant/scripts/install-wefsubscriptions.ps1
View File

@@ -1,31 +1,31 @@
# Purpose: Imports the custom Windows Event Channel and XML subscriptions on the WEF host
# Note: This only needs to be installed on the WEF server
Write-Host "Installing WEF Subscriptions..."
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing WEF Subscriptions..."
Write-Host "Copying Custom Event Channels DLL..."
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Copying Custom Event Channels DLL..."
if (-not (Test-Path "$env:windir\system32\CustomEventChannels.dll"))
{
Copy-Item c:\Users\vagrant\AppData\Local\Temp\windows-event-forwarding-master\windows-event-channels\CustomEventChannels.dll "$env:windir\system32"
Copy-Item c:\Users\vagrant\AppData\Local\Temp\windows-event-forwarding-master\windows-event-channels\CustomEventChannels.man "$env:windir\system32"
Write-Host "Installing Custom Event Channels Manifest..."
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing Custom Event Channels Manifest..."
wevtutil im "c:\windows\system32\CustomEventChannels.man"
Write-Host "Resizing Channels to 4GB..."
$xml = wevtutil el | select-string -pattern "WEC"
foreach ($subscription in $xml) { wevtutil sl $subscription /ms:4294967296 }
Write-Host "Starting the Windows Event Collector Service..."
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Starting the Windows Event Collector Service..."
net start wecsvc
Write-Host "Creating custom event subscriptions..."
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Creating custom event subscriptions..."
cd c:\Users\vagrant\AppData\Local\Temp\windows-event-forwarding-master\wef-subscriptions
cmd /c "for /r %i in (*.xml) do wecutil cs %i"
Write-Host "Enabling custom event subscriptions..."
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Enabling custom event subscriptions..."
cmd /c "for /r %i in (*.xml) do wecutil ss %~ni /e:true"
Write-Host "Enabling WecUtil Quick Config..."
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Enabling WecUtil Quick Config..."
wecutil qc /q:true
}
else