trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
21477e376a1a88190474e49def312bca89c8d7d6
DetectionLab/Azure/Ansible/roles/wef/tasks/main.yml
Chris Long 518101dc40 Azure bugfixes
2020-06-15 00:29:45 -07:00

111 lines
3.2 KiB
YAML
Raw Blame History

---
# This needs to be made idempodent
- name: Set HostOnly DNS Address
win_shell: "Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses 192.168.38.102,8.8.8.8"
- name: Install git
win_chocolatey:
name: git
state: present
- name: Check if existing DetectionLab directory
win_stat:
path: 'c:\DetectionLab'
register: dir
- name: Git clone Detectionlab
win_shell: git clone https://github.com/clong/DetectionLab.git
args:
chdir: 'c:\'
when: not dir.stat.exists
- name: Copy scripts to c:\vagrant
win_shell: Copy-Item -Recurse c:\DetectionLab\Vagrant c:\vagrant
- name: Join the Domain
win_shell: .\\provision.ps1
args:
chdir: 'c:\vagrant\scripts'
register: wef_join_domain
changed_when: "'HasSucceeded : True' in wef_join_domain.stdout"
- debug: msg="{{ wef_join_domain.stdout_lines }}"
- name: Reboot After Joining the Domain
win_reboot:
msg: "Joining the domain. Rebooting..."
pre_reboot_delay: 15
reboot_timeout: 600
post_reboot_delay: 60
- name: Download Microsoft ATA
win_get_url:
url: http://download.microsoft.com/download/4/9/1/491394D1-3F28-4261-ABC6-C836A301290E/ATA1.9.iso
dest: "C:\\Users\\vagrant\\AppData\\Local\\Temp\\Microsoft ATA 1.9.iso"
timeout: 3600
- name: Clear Event Logs
win_shell: "wevtutil el | Select-String -notmatch \"Microsoft-Windows-LiveId\" | Foreach-Object {wevtutil cl \"$_\"}"
- name: Downloading the Palantir WEF Configuration
win_shell: ".\\download_palantir_wef.ps1"
args:
chdir: 'c:\vagrant\scripts'
register: palantir_wef
failed_when: "'Exception' in palantir_wef.stdout"
- debug: msg="{{ palantir_wef.stdout_lines }}"
- name: Installing WEF Subscriptions
win_shell: ".\\install-wefsubscriptions.ps1"
args:
chdir: 'c:\vagrant\scripts'
register: wef_subscriptions
failed_when: "'Exception' in wef_subscriptions.stdout"
- debug: msg="{{ wef_subscriptions.stdout_lines }}"
- name: Installing the Splunk Universal Forwarder
win_shell: ".\\install-splunkuf.ps1"
args:
chdir: 'c:\vagrant\scripts'
register: splunkuf
failed_when: "'Exception' in splunkuf.stdout"
- debug: msg="{{ splunkuf.stdout_lines }}"
- name: Install Splunk Windows TA
win_shell: ".\\install-windows_ta.ps1"
args:
chdir: 'c:\vagrant\scripts'
register: windowsta
failed_when: "'Exception' in windowsta.stdout"
- debug: msg="{{ windowsta.stdout_lines }}"
- name: Installing the Powershell Log Transcription Share
win_shell: ".\\configure-pslogstranscriptsshare.ps1"
args:
chdir: 'c:\vagrant\scripts'
register: pstranscriptshare
failed_when: "'Exception' in pstranscriptshare.stdout"
- debug: msg="{{ pstranscriptshare.stdout_lines }}"
- name: Installing Microsoft Advanced Threat Analytics
win_shell: ".\\install-microsoft-ata.ps1"
args:
chdir: 'c:\vagrant\scripts'
register: windowsata
failed_when: "'Exception' in windowsata.stdout"
- debug: msg="{{ windowsata.stdout_lines }}"
- name: Configure WEF with raw Commands
win_shell: "{{ item }}"
with_items:
- "wevtutil el | Select-String -notmatch \"Microsoft-Windows-LiveId\" | Foreach-Object {wevtutil cl \"$_\"}"
- "Set-SmbServerConfiguration -AuditSmb1Access $true -Force"
Reference in New Issue View Git Blame Copy Permalink