trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix sysmon sourcetype, update ThreatHunting app

Browse Source
This commit is contained in:
Chris Long
2020-08-04 21:58:18 -07:00
parent 3fc3119be2
commit 84c29f6739
31 changed files with 124 additions and 98 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
Vagrant/scripts/install-wefsubscriptions.ps1
View File

@@ -11,7 +11,7 @@ if (-not (Test-Path "$env:windir\system32\CustomEventChannels.dll"))
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing Custom Event Channels Manifest..."
wevtutil im "c:\windows\system32\CustomEventChannels.man"
Write-Host "Resizing Channels to 4GB..."
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Resizing Channels to 4GB..."
$xml = wevtutil el | select-string -pattern "WEC"
foreach ($subscription in $xml) { wevtutil sl $subscription /ms:4294967296 }
@@ -30,7 +30,7 @@ if (-not (Test-Path "$env:windir\system32\CustomEventChannels.dll"))
}
else
{
Write-Host "WEF Subscriptions are already installed, moving on..."
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) WEF Subscriptions are already installed, moving on..."
if ((Get-Service -Name wecsvc).Status -ne "Running")
{
net start wecsvc