trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add velociraptor

Browse Source
This commit is contained in:
Chris Long
2020-07-03 01:55:19 -07:00
parent 37911b150a
commit 8cc591b7d7
11 changed files with 373 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
Vagrant/scripts/install-osquery.ps1
View File

@@ -1,5 +1,4 @@
# Purpose: Installs osquery on the host
# Note: by default, osquery will be configured to connect to the Fleet server on the "logger" host via TLS.
# Purpose: Installs osquery on the host. Osquery conntects to Fleet via TLS.
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing osquery..."
$flagfile = "c:\Program Files\osquery\osquery.flags"
@@ -16,7 +15,12 @@ If (-not ($service)) {
## Use the TLS config
## Add entry to hosts file for Kolide for SSL validation
If (Select-String -Path "c:\windows\system32\drivers\etc\hosts" -Pattern "kolide") {
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Hosts file already updated. Moving on."
} Else {
Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Adding kolide to the hosts file"
Add-Content "c:\windows\system32\drivers\etc\hosts" " 192.168.38.105 kolide"
}
## Add kolide secret and avoid BOM
$Utf8NoBomEncoding = New-Object System.Text.UTF8Encoding $False
[System.IO.File]::WriteAllLines("c:\Program Files\osquery\kolide_secret.txt", "enrollmentsecret", $Utf8NoBomEncoding)