chore: Added a simulated busy system

Also changed the numbers to allow up to about 5% of more events

Author: humpalum

.github/workflows/main.yml

@@ -5,10 +5,10 @@ on:
   # main branch
   push:
     branches:
-    - master
+    - main
   pull_request:
     branches:
-    - master
+    - main
   workflow_dispatch:
 
 jobs:
@@ -27,5 +27,22 @@ jobs:
       shell: powershell
 
     - name: Check Eventcount
-      run:  '$EventCount = 0 ;Get-WinEvent -ListLog * | where {$_.RecordCount -gt 0} | foreach{$_;$EventCount = $EventCount + $_.RecordCount}|Out-Null;"Eventcount: "+$EventCount; if ($EventCount -gt 56000){ Write-Output "Too many events"; $host.SetShouldExit(1)}'
+      run:  '$EventCount = 0 ;Get-WinEvent -ListLog * | where {$_.RecordCount -gt 0} | foreach{$_;$EventCount = $EventCount + $_.RecordCount}|Out-Null;"Eventcount: "+$EventCount; if ($EventCount -gt 52500){ Write-Output "Too many events"; $host.SetShouldExit(1)}'
+      shell: powershell
+      
+  busySystem:
+    runs-on: 'windows-latest'
+    steps:
+    - name: Checkout open-sysmon-conf
+      uses: actions/checkout@v2
+    
+    - name: Download Sysmon 
+      run: Invoke-WebRequest http://live.sysinternals.com/tools/sysmon.exe -OutFile .\sysmon.exe
+      shell: powershell
+      
+    - name: Install some Choco Packages
+      run: choco install ninja adobereader googlechrome firefox jre8 notepadplusplus.install vlc python3 dotnetfx openssh winrar nodejs.install foxitreader autohotkey.portable putty.install skype ccleaner winlogbeat gimp
+    
+    - name: Check Eventcount Post Choco
+      run:  '$EventCount = 0 ;Get-WinEvent -ListLog * | where {$_.RecordCount -gt 0} | foreach{$_;$EventCount = $EventCount + $_.RecordCount}|Out-Null;"Eventcount: "+$EventCount; if ($EventCount -gt 54000){ Write-Output "Too many events"; $host.SetShouldExit(1)}'
       shell: powershell