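<#
.SYNOPSIS
Install-Sysmon downloads the Sysmon executables archive and installs Sysmon64.exe
with a configuration file.
.DESCRIPTION
PowerShell script or module to install Sysmon with configuration.
The Sysinternals archive and the configuration XML are downloaded into the
working directory. Before anything is executed, the extracted Sysmon64.exe must
carry a valid Microsoft Authenticode signature; the configuration file can
optionally be pinned to an expected SHA-256 hash. On a host where the Sysmon64
service already exists the configuration is applied with -c instead of
re-running the installer with -i.
Must be run from an elevated (Administrator) session.
.PARAMETER path
The path to the working directory. Default is C:\Temp; it is created if missing.
.PARAMETER ConfigUri
URL of the Sysmon configuration XML to download. The default points at a branch
head, i.e. mutable content; use -ConfigSha256 to pin what gets installed.
.PARAMETER ConfigSha256
Optional expected SHA-256 hash of the configuration file (hex, any case). When
supplied, the downloaded file is compared against it and the script stops on a
mismatch.
.EXAMPLE
Install-Sysmon -path C:\Temp
.EXAMPLE
Install-Sysmon -path C:\Temp -ConfigSha256 '<EXPECTED-SHA256-PLACEHOLDER>'
#>
#Requires -RunAsAdministrator
[CmdletBinding()]
#Establish parameters for path, configuration source and optional pin
param (
    $path = "C:\Temp",
    [string]$ConfigUri = "https://raw.githubusercontent.com/Cyber74-Brian-McCaleb/sysmon-modular/master/c74prod.xml",
    [string]$ConfigSha256 = ""
)

# Make cmdlet failures terminating so a failed download cannot fall through to
# extracting or executing a stale/missing file.
$ErrorActionPreference = 'Stop'

# Older Windows PowerShell hosts negotiate TLS 1.0 by default, which modern
# download endpoints reject; enable TLS 1.2 without dropping anything already set.
[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12

#Test path and create it if required
if (!(Test-Path -LiteralPath $path)) {
    Write-Information -MessageData "Path does not exist. Creating Path..." -InformationAction Continue
    New-Item -ItemType Directory -Force -Path $path | Out-Null
    Write-Information -MessageData "...Complete" -InformationAction Continue
}
Set-Location -LiteralPath $path
Write-Host "Location set $path"

# Absolute paths are built once so later steps do not depend on the current location.
$archive   = Join-Path $path 'Sysmon.zip'
$sysmonDir = Join-Path $path 'Sysmon'
$exe       = Join-Path $sysmonDir 'Sysmon64.exe'
$config    = Join-Path $sysmonDir 'sysmonconfig-export.xml'

Write-Host "Retrieving Sysmon..."
Invoke-WebRequest -Uri 'https://download.sysinternals.com/files/Sysmon.zip' -OutFile $archive -UseBasicParsing
Write-Host "Sysmon Retrieved"

Write-Host "Unzip Sysmon..."
Expand-Archive -LiteralPath $archive -DestinationPath $sysmonDir -Force
Set-Location -LiteralPath $sysmonDir
Write-Host "Unzip Complete."

# The binary arrived over the network and will run with administrator rights:
# refuse to execute it unless its Authenticode signature is valid and issued to
# Microsoft (Sysinternals tools are Microsoft-signed).
$sig = Get-AuthenticodeSignature -FilePath $exe
if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'Microsoft Corporation') {
    throw "Sysmon64.exe signature check failed (status: $($sig.Status)); refusing to install."
}

Write-Host "Retrieving Configuration File..."
Invoke-WebRequest -Uri $ConfigUri -OutFile $config -UseBasicParsing
if ($ConfigSha256) {
    # -ne is case-insensitive, so the caller may pass the hash in either case.
    $actualHash = (Get-FileHash -LiteralPath $config -Algorithm SHA256).Hash
    if ($actualHash -ne $ConfigSha256) {
        throw "Configuration file hash mismatch: expected $ConfigSha256, got $actualHash"
    }
}
Write-Host "Configuration File Retrieved."

Write-Host "Installing Sysmon..."
# -i fails when the driver is already present, so an existing Sysmon64 service
# only gets its configuration updated with -c.
if (Get-Service -Name 'Sysmon64' -ErrorAction SilentlyContinue) {
    & $exe -accepteula -c $config
} else {
    & $exe -accepteula -i $config
}
# Native exit codes are not caught by $ErrorActionPreference; check explicitly.
if ($LASTEXITCODE -ne 0) {
    throw "Sysmon64.exe exited with code $LASTEXITCODE"
}
Write-Host "Sysmon Installed!"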