This PowerShell script automates the installation and configuration of Sysmon, Wazuh EDR Agent, and YARA on a Windows machine. It also downloads and sets up Active-Response scripts.
- Installs and configures Sysmon for event logging.
- Installs the Wazuh EDR agent with configurable parameters.
- Downloads and installs YARA with malware detection rules.
- Downloads and sets up Active-Response scripts for automated threat response.

The script performs the following installations:
| Module | Description | 
|---|---|
| Sysmon | Logs system activity for security analysis. | 
| Wazuh EDR | Endpoint Detection and Response agent. | 
| YARA | Malware classification and detection tool. | 
| Active-Response | Security response automation scripts. | 
- Click Start, search for PowerShell, right-click it and select Run as Administrator.
- In that elevated PowerShell session, allow the script to run (the bypass applies only to this process, not to the machine's execution policy) and start it:

```powershell
Set-ExecutionPolicy Bypass -Scope Process -Force
.\install_sysmon_wazuh_yara.ps1
```

If you need to add more files to the Active-Response directory, follow these steps:
Edit the PowerShell script (install_sysmon_wazuh_yara.ps1) and locate this section:

```powershell
# Files the script downloads and places into the Active-Response directory.
# Add one entry per additional file.
$activeResponseFiles = @(
    "remove-threat.py",
    "another-script.bat",
    "some-config.json"
)
```
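As an added illustration, not code from the install script itself, the following shows how entries in such a list can be fetched and placed into the agent's Active-Response directory only after an integrity check, since those scripts execute with the agent's privileges. The base URL and the SHA256 values are placeholders, and the destination path is assumed to be the Wazuh agent's default Windows active-response directory.

```powershell
# Added example, not the page's script: download each Active-Response file,
# verify its SHA256 against a pinned value, and only then move it into place.
# ASSUMPTIONS: $baseUrl is a placeholder; $destDir is the Wazuh agent's default
# Windows active-response directory; the hash values are placeholders.
$baseUrl = "https://<your-repo-or-host>/active-response"   # placeholder
$destDir = "C:\Program Files (x86)\ossec-agent\active-response\bin"

# File name -> expected SHA256 (hex). Pin the hash of each file you publish.
$activeResponseFiles = @{
    "remove-threat.py"   = "<SHA256-OF-REMOVE-THREAT.PY>"
    "another-script.bat" = "<SHA256-OF-ANOTHER-SCRIPT.BAT>"
    "some-config.json"   = "<SHA256-OF-SOME-CONFIG.JSON>"
}

function Install-ActiveResponseFile {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$ExpectedSha256
    )
    $tmp = Join-Path $env:TEMP $Name
    Invoke-WebRequest -Uri "$baseUrl/$Name" -OutFile $tmp -UseBasicParsing

    # Active-Response scripts run with the agent's privileges, so refuse
    # anything whose hash does not match the value pinned above.
    $actual = (Get-FileHash -Path $tmp -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256.ToUpperInvariant()) {
        Remove-Item -Path $tmp -Force
        throw "Hash mismatch for $Name (expected $ExpectedSha256, got $actual); not installed."
    }

    if (-not (Test-Path -Path $destDir)) {
        New-Item -ItemType Directory -Path $destDir -Force | Out-Null
    }
    Move-Item -Path $tmp -Destination (Join-Path $destDir $Name) -Force
    Write-Host "Installed $Name (SHA256 verified)"
}

foreach ($entry in $activeResponseFiles.GetEnumerator()) {
    Install-ActiveResponseFile -Name $entry.Key -ExpectedSha256 $entry.Value
}
```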