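/// <summary>
/// Prints every Sysmon configuration entry returned by <see cref="SysMon.GetSysMonInfos"/>
/// (installed flag, hashing algorithm, options and rules), one separator-delimited
/// record per entry. When the process is not high-integrity a notice is printed and
/// nothing is enumerated.
/// </summary>
/// <remarks>
/// Any exception raised while reading the configuration is reported through
/// <see cref="Beaprint.PrintException"/> instead of being silently swallowed, so a
/// permission or lookup error is visible in the output rather than being
/// indistinguishable from "no Sysmon configuration found". The method never throws.
/// </remarks>
private void PrintSysmonConfiguration()
{
    Beaprint.MainPrint("Enumerating Sysmon configuration");

    // Values that are rendered in the "bad" colour: a setting that is not defined, or
    // one that evaluates to "False".
    // NOTE(review): assumes SysMon.NotDefined is not the literal "False"; a duplicate
    // key in this initializer would throw ArgumentException outside the try block — confirm.
    var colors = new Dictionary<string, string>
    {
        { SysMon.NotDefined, Beaprint.ansi_color_bad },
        { "False", Beaprint.ansi_color_bad },
    };

    try
    {
        // Only attempt the enumeration from a high-integrity (administrator) process.
        if (!MyUtils.IsHighIntegrity())
        {
            Beaprint.NoColorPrint(" You must be an administrator to run this check");
            return;
        }

        foreach (var item in SysMon.GetSysMonInfos())
        {
            Beaprint.AnsiPrint(
                $" Installed: {item.Installed}\n" +
                $" Hashing Algorithm: {item.HashingAlgorithm.GetDescription()}\n" +
                $" Options: {item.Options.GetDescription()}\n" +
                $" Rules: {item.Rules}\n",
                colors);
            Beaprint.PrintLineSeparator();
        }
    }
    catch (Exception ex)
    {
        // Best-effort check: surface the failure instead of hiding it, but never abort
        // the rest of the scan.
        Beaprint.PrintException(ex.Message);
    }
}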
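/// <summary>
/// Prints every Sysmon process-creation event (event ID 1) returned by
/// <see cref="SysMon.GetSysMonEventInfos"/> — event ID, user name and creation time —
/// one separator-delimited record per event. When the process is not high-integrity a
/// notice is printed and nothing is enumerated.
/// </summary>
/// <remarks>
/// Any exception raised while reading the event log is reported through
/// <see cref="Beaprint.PrintException"/> instead of being silently swallowed, so an
/// access-denied or missing-log error is visible in the output rather than being
/// indistinguishable from "no events found". The method never throws.
/// </remarks>
private void PrintSysmonEventLogs()
{
    Beaprint.MainPrint("Enumerating Sysmon process creation logs (1)");

    try
    {
        // Only attempt the enumeration from a high-integrity (administrator) process.
        if (!MyUtils.IsHighIntegrity())
        {
            Beaprint.NoColorPrint(" You must be an administrator to run this check");
            return;
        }

        foreach (var item in SysMon.GetSysMonEventInfos())
        {
            Beaprint.BadPrint(
                $" EventID: {item.EventID}\n" +
                $" User Name: {item.UserName}\n" +
                $" Time Created: {item.TimeCreated}\n");
            Beaprint.PrintLineSeparator();
        }
    }
    catch (Exception ex)
    {
        // Best-effort check: surface the failure instead of hiding it, but never abort
        // the rest of the scan.
        Beaprint.PrintException(ex.Message);
    }
}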