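<#
.SYNOPSIS
    Downloads Sysmon from Sysinternals and installs it with the sysmon-modular
    configuration, unless a Sysmon process is already running.

.DESCRIPTION
    Steps: elevation check -> already-installed check -> download Sysmon.zip and
    extract it -> verify the Authenticode signature of Sysmon64.exe -> download
    sysmonconfig.xml (optionally hash-pinned) -> run "Sysmon64.exe -i".

    Requirements: Windows, an elevated PowerShell session, outbound HTTPS to
    download.sysinternals.com and raw.githubusercontent.com.

.NOTES
    The config URL tracks the 'master' branch of a third-party repository, so the
    content you install today may differ from what you reviewed. Set
    $ExpectedConfigSha256 to the SHA256 of a reviewed copy to fail closed on change.
#>
# uses config from Olaf Hartong's sysmon-modular project
# https://github.com/olafhartong/sysmon-modular
$SysmonUrl = "https://download.sysinternals.com/files/Sysmon.zip"
$SysmonConfigUrl = "https://raw.githubusercontent.com/olafhartong/sysmon-modular/master/sysmonconfig.xml"
$SysmonFolder = "C:\sysmon"
$SysmonArchivePath = "$SysmonFolder\sysmon.zip"
$SysmonConfigPath = "$SysmonFolder\sysmonconfig.xml"
# Optional pin for the config file. Empty = skip the check.
# Example (placeholder, not a real value): "<SHA256-OF-REVIEWED-SYSMONCONFIG-XML>"
$ExpectedConfigSha256 = ""

# Fail fast: a failed download must not fall through to executing a missing or
# partial binary. Without this, cmdlet errors are non-terminating and the script
# would continue to the '&' call below.
$ErrorActionPreference = 'Stop'
# Write-Information output is hidden by default ($InformationPreference is
# SilentlyContinue), so the status messages at the end were never shown.
$InformationPreference = 'Continue'

function Test-SysmonRunning {
    <#
    .SYNOPSIS
        Returns $true when a Sysmon or Sysmon64 process is running.
    .NOTES
        Exact process names are used instead of a substring search over tasklist
        output, which would also match unrelated processes containing "sysmon".
    #>
    return [bool](Get-Process -Name 'Sysmon', 'Sysmon64' -ErrorAction SilentlyContinue)
}

# Installing the Sysmon driver/service requires an elevated session; check up
# front so the failure is explicit rather than a confusing error from Sysmon64.exe.
$currentPrincipal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "This script must be run from an elevated (Administrator) PowerShell session."
}

# abort if there's nothing to do
if (Test-SysmonRunning) {
    Write-Information -Message "Sysmon is already installed."
    return
}

# download and extract sysmon
# Windows PowerShell 5.1 may negotiate TLS 1.0/1.1 by default, which the download
# hosts reject; force TLS 1.2 for Invoke-WebRequest.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
# -Force: do not error if the folder already exists (e.g. a previous partial run)
New-Item -Path $SysmonFolder -ItemType "directory" -Force | Out-Null
Invoke-WebRequest -Uri $SysmonUrl -OutFile $SysmonArchivePath
# -Force: overwrite files left behind by a previous partial run
Expand-Archive -LiteralPath $SysmonArchivePath -DestinationPath $SysmonFolder -Force

# The extracted binary is about to be executed with administrator rights and will
# load a kernel driver. Require a valid Authenticode signature from Microsoft
# before running anything that was just downloaded; TLS alone only protects the
# transport, not the content served.
$SysmonExe = Join-Path $SysmonFolder 'Sysmon64.exe'
$signature = Get-AuthenticodeSignature -FilePath $SysmonExe
if ($signature.Status -ne 'Valid' -or $signature.SignerCertificate.Subject -notlike 'CN=Microsoft Corporation*') {
    throw "Refusing to run $($SysmonExe): signature status '$($signature.Status)', signer '$($signature.SignerCertificate.Subject)'."
}

# download sysmon config
Invoke-WebRequest -Uri $SysmonConfigUrl -OutFile $SysmonConfigPath
if ($ExpectedConfigSha256) {
    # -ne on strings is case-insensitive in PowerShell, so hash casing does not matter
    $actualHash = (Get-FileHash -Path $SysmonConfigPath -Algorithm SHA256).Hash
    if ($actualHash -ne $ExpectedConfigSha256) {
        throw "sysmonconfig.xml hash mismatch: expected $ExpectedConfigSha256, got $actualHash."
    }
}

# install sysmon
& $SysmonExe -accepteula -i $SysmonConfigPath
# '&' does not raise on a non-zero exit code; check it explicitly
if ($LASTEXITCODE -ne 0) {
    throw "Sysmon64.exe -i returned exit code $LASTEXITCODE."
}
if (Test-SysmonRunning) {
    Write-Information -Message "Sysmon installed successfully."
} else {
    Write-Warning "Sysmon64.exe returned 0 but no Sysmon process was found afterwards."
}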