SysmonReporting.ps1
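## TO BE RUN IN POWERSHELL 7.0 (ForEach-Object -Parallel does not exist in Windows PowerShell 5.1) ##
## Reports, for every computer object in Active Directory, whether the Sysmon service is running.
## Hosts are queried over PowerShell remoting in parallel runspaces (20 at a time).
## Output: sysmonsuccess.log (running) and sysmonfailure.log (stopped / absent / unreachable)
## on the current user's Desktop.

## Set Execution-Policy scope to the current PowerShell process only.
# NOTE(review): this relaxes the policy for the whole process, and execution policy is not a
# security boundary. Confirm Unrestricted is actually needed; a narrower policy or
# launching with `pwsh -ExecutionPolicy <policy> -File <script>` may be enough.
Set-ExecutionPolicy Unrestricted -Scope Process -Force

$ad = (Get-ADComputer -Filter *).Name

# Same location the original wrote to (HOMEPATH already starts with a backslash).
$desktop    = "$env:HOMEDRIVE$env:HOMEPATH\Desktop"
$successLog = "$desktop\sysmonsuccess.log"
$failureLog = "$desktop\sysmonfailure.log"

# The parallel block only RETURNS results. Writing the logs from 20 runspaces at once
# makes them contend for the same file, which can fail with a sharing violation and
# silently drop hosts from the report.
$results = $ad | ForEach-Object -Parallel {
    $x = $_
    try {
        # One remote call per host (previously up to two), and a connection failure is
        # surfaced as its own state instead of being reported as "Sysmon not running".
        $status = Invoke-Command -ComputerName $x -ErrorAction Stop -ScriptBlock {
            # The service name follows the installed binary: Sysmon.exe -> "Sysmon",
            # Sysmon64.exe -> "Sysmon64". Querying only "sysmon" misses 64-bit installs.
            # A deployment that renamed the binary needs its name added here.
            $svc = @(Get-Service -Name 'Sysmon', 'Sysmon64' -ErrorAction SilentlyContinue)
            if ($svc.Status -contains 'Running') { 'Running' }
            elseif ($svc.Count -gt 0)            { [string]$svc[0].Status }
            else                                 { 'NotInstalled' }
        }
    }
    catch {
        $status = 'Unreachable'
    }
    [pscustomobject]@{ Computer = $x; Status = $status }
} -ThrottleLimit 20

# Single writer: append one line per host from the main runspace.
foreach ($r in $results) {
    $x = $r.Computer
    switch ($r.Status) {
        'Running' {
            "$x is currently RUNNING" | Out-File -FilePath $successLog -Encoding UTF-8 -Append -Force
        }
        'Stopped' {
            "$x is currently STOPPED" | Out-File -FilePath $failureLog -Encoding UTF-8 -Append -Force
        }
        'Unreachable' {
            # No telemetry verdict is possible for this host; keep it in the failure log
            # so it gets followed up rather than assumed covered.
            "$x could not be queried (remote command failed)" | Out-File -FilePath $failureLog -Encoding UTF-8 -Append -Force
        }
        default {
            # Not installed, or in a transitional/paused state.
            "$x is not currently running sysmon" | Out-File -FilePath $failureLog -Encoding UTF-8 -Append -Force
        }
    }
}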