1+ name : CI
2+
3+ on :
4+ # Trigger the workflow on push or pull requests, but only for the
5+ # main branch
6+ push :
7+ branches :
8+ - master
9+ pull_request :
10+ branches :
11+ - master
12+ workflow_dispatch :
13+
14+ jobs :
15+ msbuild :
16+ runs-on : ' windows-latest'
17+ steps :
18+ - name : Checkout open-sysmon-conf
19+ uses : actions/checkout@v2
20+
21+ - name : Download Sysmon
22+ run : Invoke-WebRequest http://live.sysinternals.com/tools/sysmon.exe -OutFile .\sysmon.exe
23+ shell : powershell
24+
25+ - name : Run Sysmon
26+ run : .\sysmon.exe -accepteula -i sysmonconfig-export.xml
27+ shell : powershell
28+
29+ - name : Check Eventcount
30+ run : ' $EventCount = 0 ;Get-WinEvent -ListLog Microsoft-Windows-Sysmon* | where {$_.RecordCount -gt 0} | foreach{$_;$EventCount = $EventCount + $_.RecordCount}|Out-Null;"Eventcount: "+$EventCount; if ($EventCount -gt 50){ Write-Output "Too many events"; $host.SetShouldExit(1)}'
31+ shell : powershell
32+
33+ busySystem :
34+ runs-on : ' windows-latest'
35+ steps :
36+ - name : Checkout open-sysmon-conf
37+ uses : actions/checkout@v2
38+
39+ - name : Download Sysmon
40+ run : Invoke-WebRequest http://live.sysinternals.com/tools/sysmon.exe -OutFile .\sysmon.exe
41+ shell : powershell
42+
43+ - name : Run Sysmon
44+ run : .\sysmon.exe -accepteula -i sysmonconfig-export.xml
45+ shell : powershell
46+
47+ - name : Print Eventcount
48+ run : Get-WinEvent -ListLog Microsoft-Windows-Sysmon*
49+
50+ - name : Install some Choco Packages
51+ run : choco install ninja adobereader googlechrome firefox jre8 notepadplusplus.install vlc python3 dotnetfx openssh winrar nodejs.install foxitreader autohotkey.portable putty.install skype ccleaner winlogbeat gimp
52+
53+ - name : Check Eventcount
54+ run : ' $EventCount = 0 ;Get-WinEvent -ListLog Microsoft-Windows-Sysmon* | where {$_.RecordCount -gt 0} | foreach{$_;$EventCount = $EventCount + $_.RecordCount}|Out-Null;"Eventcount: "+$EventCount; if ($EventCount -gt 10000){ Write-Output "Too many events"; $host.SetShouldExit(1)}'
55+ shell : powershell
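Review bot: The "Download Sysmon" step in both jobs (new-file lines 22 and 40) fetches sysmon.exe over plain `http://`, and the following step installs it with `-i`, so the binary is executed on the runner with no transport protection or integrity check. Switch the URL to `https://live.sysinternals.com/tools/sysmon.exe` and gate the install on the signature, for example `if ((Get-AuthenticodeSignature .\sysmon.exe).Status -ne 'Valid') { exit 1 }`. Separately, `actions/checkout@v2` is a movable tag; pinning it to a full commit SHA would keep the workflow's inputs fixed. The quoted `' windows-latest'` value appears to carry a leading space, which may only be a rendering artefact but is worth confirming in the file.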