trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix sysmon sourcetype, update ThreatHunting app

Browse Source
This commit is contained in:
Chris Long
2020-08-04 21:58:18 -07:00
parent 3fc3119be2
commit 84c29f6739
31 changed files with 124 additions and 98 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
Vagrant/scripts/install-osquery.ps1
View File

@@ -5,7 +5,7 @@ $flagfile = "c:\Program Files\osquery\osquery.flags"
choco install -y --limit-output --no-progress osquery | Out-String # Apparently Out-String makes the process wait
$service = Get-WmiObject -Class Win32_Service -Filter "Name='osqueryd'"
If (-not ($service)) {
Write-Host "Setting osquery to run as a service"
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Setting osquery to run as a service"
New-Service -Name "osqueryd" -BinaryPathName "C:\Program Files\osquery\osqueryd\osqueryd.exe --flagfile=`"C:\Program Files\osquery\osquery.flags`""
# Download the flags file from the Palantir osquery-configuration Github
@@ -38,7 +38,7 @@ If (-not ($service)) {
Start-Service osqueryd
}
else {
Write-Host "osquery is already installed. Moving On."
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) osquery is already installed. Moving On."
}
If ((Get-Service -name osqueryd).Status -ne "Running")
{