taylor_socfortress taylorwalton
taylorwalton
/ windows agent group
Created
October 13, 2022 14:17
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <agent_config> | |
| <client_buffer> | |
| <!-- Agent buffer options --> | |
| <disabled>no</disabled> | |
| <queue_size>5000</queue_size> | |
| <events_per_second>500</events_per_second> | |
| </client_buffer> | |
| <!-- Policy monitoring --> | |
| <rootcheck> | |
| <disabled>no</disabled> |
taylorwalton
/ advanced detection rules
Created
October 13, 2022 14:21
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| curl -so ~/wazuh_socfortress_rules.sh https://raw.githubusercontent.com/socfortress/Wazuh-Rules/main/wazuh_socfortress_rules.sh && bash ~/wazuh_socfortress_rules.sh |
taylorwalton
/ sysmon_install.ps1
Created
October 22, 2022 13:34
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $sysinternals_repo = 'download.sysinternals.com' | |
| $sysinternals_downloadlink = 'https://download.sysinternals.com/files/SysinternalsSuite.zip' | |
| $sysinternals_folder = 'C:\Program Files\sysinternals' | |
| $sysinternals_zip = 'SysinternalsSuite.zip' | |
| $sysmonconfig_downloadlink = 'https://raw.githubusercontent.com/olafhartong/sysmon-modular/master/sysmonconfig.xml' | |
| $sysmonconfig_file = 'sysmonconfig-export.xml' | |
| [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 | |
| if (Test-Path -Path $sysinternals_folder) { |
taylorwalton
/ packetbeat_install.sh
Last active
October 20, 2023 12:17
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin | |
| PACKETBEAT_YAML="https://raw.githubusercontent.com/socfortress/Wazuh-Rules/main/Packetbeat/packetbeat.yml" | |
| logger() { | |
| now=$(date +'%m/%d/%Y %H:%M:%S') | |
| case $1 in | |
| "-e") | |
| mtype="ERROR:" |
taylorwalton
/ uninstall_wazuh_sysmon.ps1
Created
May 17, 2023 12:20
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Check if WazuhSvc is installed | |
| $wazuhStatus = Get-Service | Where-Object { $_.Name -eq "WazuhSvc" } | |
| if ($wazuhStatus -ne $null) { | |
| Write-Output "Wazuh-Agent (WazuhSvc) is installed. Attempting to stop (if running) and uninstall..." | |
| # Stop the service if it's running | |
| if ($wazuhStatus.Status -eq 'Running') { | |
| Stop-Service -Name "WazuhSvc" -Force | |
| } |
OlderNewer