From 483a8f7d138513495ece839ea926d8968e27c817 Mon Sep 17 00:00:00 2001
From: Chris Long <clong@cl0ng.com>
Date: Sun, 4 Oct 2020 11:36:44 -0700
Subject: [PATCH] Update WEF ansible role for evtx-event-samples

---
 Azure/Ansible/roles/wef/tasks/main.yml | 9 +++++++++
 ESXi/ansible/roles/wef/tasks/main.yml  | 9 +++++++++
 2 files changed, 18 insertions(+)

diff --git a/Azure/Ansible/roles/wef/tasks/main.yml b/Azure/Ansible/roles/wef/tasks/main.yml
index 3681b50..d1bed68 100644
--- a/Azure/Ansible/roles/wef/tasks/main.yml
+++ b/Azure/Ansible/roles/wef/tasks/main.yml
@@ -92,6 +92,15 @@
 
 - debug: msg="{{ pstranscriptshare.stdout_lines }}"
 
+- name: Installing the EVTX Event Samples
+  win_shell: ".\\install-evtx-attack-samples.ps1"
+  args:
+    chdir: 'c:\vagrant\scripts'
+  register: evtxeventsamples
+  failed_when: "'Exception' in evtxeventsamples.stdout"
+
+- debug: msg="{{ evtxeventsamples.stdout_lines }}"
+
 - name: Installing Microsoft Advanced Threat Analytics
   win_shell: ".\\install-microsoft-ata.ps1"
   args:
diff --git a/ESXi/ansible/roles/wef/tasks/main.yml b/ESXi/ansible/roles/wef/tasks/main.yml
index 6c8b91a..8ff4567 100644
--- a/ESXi/ansible/roles/wef/tasks/main.yml
+++ b/ESXi/ansible/roles/wef/tasks/main.yml
@@ -106,6 +106,15 @@
 
 - debug: msg="{{ pstranscriptshare.stdout_lines }}"
 
+- name: Installing the EVTX Event Samples
+  win_shell: ".\\install-evtx-attack-samples.ps1"
+  args:
+    chdir: 'c:\vagrant\scripts'
+  register: evtxeventsamples
+  failed_when: "'Exception' in evtxeventsamples.stdout"
+
+- debug: msg="{{ evtxeventsamples.stdout_lines }}"
+
 - name: Installing Microsoft Advanced Threat Analytics
   win_shell: ".\\install-microsoft-ata.ps1"
   args: