trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge branch 'master' into osquery_refactor

Browse Source
This commit is contained in:
Chris Long
2020-06-20 18:34:28 -07:00
committed by GitHub
parent bb12246e74 9e6670b1e2
commit 8fca376f4a
3 changed files with 15 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
Vagrant/scripts/fix-windows-expiration.ps1
View File

@@ -18,7 +18,12 @@ if ($regex.Matches.Value -eq "grace time expired") {
# If activation was successful, the regex should match 90 or 180 (Win10 or Win2016)
$regex = cscript c:\windows\system32\slmgr.vbs /dlv | select-string -Pattern "\((\d+) day\(s\)"
}
$days_left = $regex.Matches.Groups[1].Value
try {
$days_left = $regex.Matches.Groups[1].Value
} catch {
Write-Host "Unable to successfully parse the output from slmgr, not rearming"
$days_left = 90
}
if ($days_left -as [int] -lt 30) {
write-host "Less than 30 days remaining before Windows expiration. Attempting to rearm..."

6
Vagrant/scripts/install-microsoft-ata.ps1
View File

@@ -113,6 +113,7 @@ Invoke-Command -computername dc -Credential (new-object pscredential("windomain\
If (-not (Test-Path "$env:temp\gatewaysetup.zip"))
{
Write-Host "[$env:computername] ATA Gateway not yet downloaded. Downloading now..."
Invoke-WebRequest -uri https://wef/api/management/softwareUpdates/gateways/deploymentPackage -UseBasicParsing -OutFile "$env:temp\gatewaysetup.zip" -Credential (new-object pscredential("wef\vagrant",(convertto-securestring -AsPlainText -Force -String "vagrant")))
Expand-Archive -Path "$env:temp\gatewaysetup.zip" -DestinationPath "$env:temp\gatewaysetup" -Force
}
@@ -122,17 +123,20 @@ Invoke-Command -computername dc -Credential (new-object pscredential("windomain\
}
if (-not (Test-Path "C:\Program Files\Microsoft Advanced Threat Analytics"))
{
Write-Host "[$env:computername] ATA Gateway not yet installed. Attempting to install now..."
Set-Location "$env:temp\gatewaysetup"
Start-Process -Wait -FilePath ".\Microsoft ATA Gateway Setup.exe" -ArgumentList "/q NetFrameworkCommandLineArguments=`"/q`" ConsoleAccountName=`"wef\vagrant`" ConsoleAccountPassword=`"vagrant`""
Write-Host "[$env:computername] ATA Gateway installation complete!"
}
else
{
Write-Host "[$env:computername] ATA Gateway already installed. Moving On."
}
Write-Host "[$env:computername] Waiting for the ATA Gateway service to start..."
(Get-Service ATAGateway).WaitForStatus('Running', '00:10:00')
If ((Get-Service "ATAGateway").Status -ne "Running")
{
throw "ATA lightweight gateway not running"
throw "ATA Gateway service failed to start on DC"
}
# Disable invalid web requests to endpoints with invalid SSL certs again
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = $null