Automate-Sysmon

Introduction:

Increase your logging abilities to further your ability to detect threats and malicious activity on your systems.

Recommended reading material:

• BHIS - Getting Started With Sysmon
• olafhartong/sysmon-modular
• Malware Archaeology Cheat Sheets

A list of scripts and tools this collection utilizes:

• Chocolatey - Only if you don't already have Sysmon in your local path
• SwiftOnSecurity/sysmon-config
• Microsoft Sysinternals - Sysmon

How to run the script

Automated Install:

iwr -useb 'https://simeononsecurity.ch/scripts/sosautomatesysmon.ps1'|iex

Manual Install:

If manually downloaded, the script must be launched from the directory containing all the files from the GitHub Repository

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force
Get-ChildItem -Recurse *.ps1 | Unblock-File
.\sos-automate-sysmon.ps1