Update main.yml #8
name: Run Atomic Test with Sysmon Monitoring | |
on: [push] | |
jobs: | |
sysmon-atomic-test: | |
runs-on: windows-latest | |
name: Sysmon and Atomic Red Team Test | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Install Sysmon | |
shell: pwsh | |
run: | | |
Invoke-WebRequest -Uri "https://live.sysinternals.com/Sysmon64.exe" -OutFile "Sysmon64.exe" | |
Invoke-WebRequest -Uri "https://raw.githubusercontent.com/SwiftOnSecurity/sysmon-config/master/sysmonconfig-export.xml" -OutFile "sysmonconfig.xml" | |
.\Sysmon64.exe -accepteula -i sysmonconfig.xml | |
- name: Install Atomic Red Team | |
shell: pwsh | |
run: | | |
IEX (Invoke-WebRequest 'https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/install-atomicredteam.ps1' -UseBasicParsing); | |
Install-AtomicRedTeam -getAtomics -Force | |
- name: Run Atomic Test | |
shell: pwsh | |
run: | | |
# Run your specific Atomic Red Team test | |
Invoke-AtomicTest T1059.003 -TestNumbers 2 | |
- name: Retrieve Sysmon Logs | |
shell: pwsh | |
run: | | |
# Fetch and display Sysmon log entries | |
Get-WinEvent -LogName "Microsoft-Windows-Sysmon/Operational" -MaxEvents 50 | Format-Table -AutoSize | Out-String -Width 4096 |
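Review bot: The three install steps fetch and execute unverified remote content at every run: Sysmon64.exe from live.sysinternals.com is installed as a kernel driver with no integrity check, sysmonconfig-export.xml and install-atomicredteam.ps1 are pulled from a mutable `master` branch, and the latter is piped straight into `IEX`, so whoever can change any of those three sources runs code on the runner. At minimum verify the binary before `.\Sysmon64.exe -accepteula -i sysmonconfig.xml` with `if ((Get-AuthenticodeSignature .\Sysmon64.exe).Status -ne 'Valid') { throw 'Sysmon64.exe signature check failed' }`, and replace `master` in both raw.githubusercontent.com URLs with a commit SHA (a `<PINNED_COMMIT_SHA>` placeholder until one is chosen) so the config and installer cannot change underneath the workflow. The same pinning concern applies to `actions/checkout@v2`, which floats on a tag rather than a SHA. The final step also only dumps the last 50 Sysmon events with no filter on the test's time window or event IDs, so the evidence of T1059.003 may scroll out; consider a `-FilterHashtable` with `StartTime` captured before the test step.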