private void PrintSysmonConfiguration()
{
Beaprint.MainPrint("Enumerating Sysmon configuration");
Dictionary <string, string> colors = new Dictionary <string, string>
{
{ SysMon.NotDefined, Beaprint.ansi_color_bad },
{ "False", Beaprint.ansi_color_bad },
};
try
{
if (!MyUtils.IsHighIntegrity())
{
Beaprint.NoColorPrint(" You must be an administrator to run this check");
return;
}
foreach (var item in SysMon.GetSysMonInfos())
{
Beaprint.AnsiPrint($" Installed: {item.Installed}\n" +
$" Hashing Algorithm: {item.HashingAlgorithm.GetDescription()}\n" +
$" Options: {item.Options.GetDescription()}\n" +
$" Rules: {item.Rules}\n",
colors);
Beaprint.PrintLineSeparator();
}
}
catch (Exception)
{
}
}
private void PrintSysmonEventLogs()
{
Beaprint.MainPrint("Enumerating Sysmon process creation logs (1)");
try
{
if (!MyUtils.IsHighIntegrity())
{
Beaprint.NoColorPrint(" You must be an administrator to run this check");
return;
}
foreach (var item in SysMon.GetSysMonEventInfos())
{
Beaprint.BadPrint($" EventID: {item.EventID}\n" +
$" User Name: {item.UserName}\n" +
$" Time Created: {item.TimeCreated}\n");
Beaprint.PrintLineSeparator();
}
}
catch (Exception)
{
}
}
