From e42187e83756cf6d0e0dd23d44645ec6de2f7476 Mon Sep 17 00:00:00 2001
From: ventra007 <39557783+ventra007@users.noreply.github.com>
Date: Thu, 7 Mar 2024 10:43:04 +0200
Subject: [PATCH 1/3] Create sysmon_update.ps1

A modification of the install script to fetch updated XML config and apply it to running Sysmon64 installations
---
 Windows_Sysmon/sysmon_update.ps1 | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 Windows_Sysmon/sysmon_update.ps1

diff --git a/Windows_Sysmon/sysmon_update.ps1 b/Windows_Sysmon/sysmon_update.ps1
new file mode 100644
index 0000000..888e78c
--- /dev/null
+++ b/Windows_Sysmon/sysmon_update.ps1
@@ -0,0 +1,7 @@
+$sysmonconfig_downloadlink = 'https://raw.githubusercontent.com/SwiftOnSecurity/sysmon-config/master/sysmonconfig-export.xml'
+$sysmonconfig_file = 'sysmonconfig-export.xml'
+$OutPath = $env:TMP
+$output = $sysinternals_zip
+Invoke-WebRequest -Uri $sysmonconfig_downloadlink -OutFile $OutPath\$sysmonconfig_file
+$serviceName = 'Sysmon64'
+Start-Process -FilePath $sysinternals_folder\Sysmon64.exe -Argumentlist @("-c", "$OutPath\$sysmonconfig_file") -Verb runAs

From 97e55c048c4da64aff752d40e83a537149fcb90c Mon Sep 17 00:00:00 2001
From: ventra007 <39557783+ventra007@users.noreply.github.com>
Date: Thu, 7 Mar 2024 11:23:00 +0200
Subject: [PATCH 2/3] Update sysmon_update.ps1

---
 Windows_Sysmon/sysmon_update.ps1 | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/Windows_Sysmon/sysmon_update.ps1 b/Windows_Sysmon/sysmon_update.ps1
index 888e78c..ff1b21c 100644
--- a/Windows_Sysmon/sysmon_update.ps1
+++ b/Windows_Sysmon/sysmon_update.ps1
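Review bot: `$sysinternals_folder` in the `Start-Process -FilePath` on the last added line is not defined anywhere in this new file, so the path expands to `\Sysmon64.exe` (PATCH 2/3 in this series adds the definition), and `$output = $sysinternals_zip` on the fourth added line assigns a variable that nothing reads. Nothing checks that the download or the apply succeeded: if `Invoke-WebRequest` fails, a stale or partial file left in `$env:TMP` is still handed to `Sysmon64.exe -c` under `-Verb runAs`, and the elevated process is neither waited on nor its exit code inspected. Suggest `Invoke-WebRequest -Uri $sysmonconfig_downloadlink -OutFile "$OutPath\$sysmonconfig_file" -ErrorAction Stop` and `$p = Start-Process -FilePath "$sysinternals_folder\Sysmon64.exe" -ArgumentList @("-c", "$OutPath\$sysmonconfig_file") -Verb runAs -Wait -PassThru; if ($p.ExitCode -ne 0) { throw "Sysmon config update failed with exit code $($p.ExitCode)" }`. `$serviceName = 'Sysmon64'` is set but never used; a `Get-Service -Name $serviceName -ErrorAction SilentlyContinue` guard before the apply would make the "running Sysmon64 installations" precondition from the commit message explicit, rather than deleting the variable as PATCH 3/3 does.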
@@ -1,5 +1,10 @@
-$sysmonconfig_downloadlink = 'https://raw.githubusercontent.com/SwiftOnSecurity/sysmon-config/master/sysmonconfig-export.xml'
+$sysinternals_folder = 'C:\Program Files\sysinternals'
+$sysinternals_zip = 'SysinternalsSuite.zip'
+$sysmonconfig_downloadlink = 'https://raw.githubusercontent.com/ventra007/sysmon-config/master/sysmonconfig-export.xml'
 $sysmonconfig_file = 'sysmonconfig-export.xml'
+
+[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+
 $OutPath = $env:TMP
 $output = $sysinternals_zip
 Invoke-WebRequest -Uri $sysmonconfig_downloadlink -OutFile $OutPath\$sysmonconfig_file

From 19810025e780a2e30745c05c0c8eef6e8404d746 Mon Sep 17 00:00:00 2001
From: ventra007 <39557783+ventra007@users.noreply.github.com>
Date: Thu, 7 Mar 2024 11:24:50 +0200
Subject: [PATCH 3/3] Update sysmon_update.ps1

remove redundant variable
---
 Windows_Sysmon/sysmon_update.ps1 | 1 -
 1 file changed, 1 deletion(-)

diff --git a/Windows_Sysmon/sysmon_update.ps1 b/Windows_Sysmon/sysmon_update.ps1
index ff1b21c..5658839 100644
--- a/Windows_Sysmon/sysmon_update.ps1
+++ b/Windows_Sysmon/sysmon_update.ps1
@@ -8,5 +8,4 @@ $sysmonconfig_file = 'sysmonconfig-export.xml'
 $OutPath = $env:TMP
 $output = $sysinternals_zip
 Invoke-WebRequest -Uri $sysmonconfig_downloadlink -OutFile $OutPath\$sysmonconfig_file
-$serviceName = 'Sysmon64'
 Start-Process -FilePath $sysinternals_folder\Sysmon64.exe -Argumentlist @("-c", "$OutPath\$sysmonconfig_file") -Verb runAs
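Review bot: The config source on the third added line moves from the upstream SwiftOnSecurity repository to the `master` branch of a personal fork, fetched with no pinning and no integrity check, so the Sysmon rule set applied with elevated rights on each host that runs this script is whatever that branch serves at fetch time. Pin the raw URL to a commit SHA instead of `master` and verify the downloaded file before it is applied, e.g. `if ((Get-FileHash "$OutPath\$sysmonconfig_file" -Algorithm SHA256).Hash -ne $expectedSha256) { throw 'sysmon config hash mismatch' }`, with `$expectedSha256` (placeholder name) maintained next to the URL. The newly added `$sysinternals_zip` is, like `$output`, never read anywhere in the file and could be dropped together with it. A short comment on the `SecurityProtocol` line saying why TLS 1.2 is forced (presumably because the default protocol list on older .NET Framework hosts omits it) would help the next reader; note that assigning with `=` replaces the protocol list rather than adding to it, which is acceptable here but worth stating.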