I see that the BeaKer/Espy installation-scripts install-sysmon-beats.ps1 install winlogbeat into C:\Program Files\winlogbeat- and parts of the config in C:\ProgramData\winlogbeat. In case winlogbeat is already installed on this machine (e.g. for some custom logging unrelated to BeaKer/Espy/AC-Hunter), the script would overwrite the previously existing installation.
My idea to not have this issue would be to create its own directories in Program Files and ProgramData (e.g. espy-agent) and change the winlogbeat service installation script to create a service with another name (e.g. “espy-agent” instead of “winlogbeat”).
This may also extend a little to Sysmon configuration (creating sysmon-net-only.xml), but to my understanding this xml file would probably not exist previously anyways (but it may still be worth considering to name it differently, preventing any possible conflicts).
Cheers
Clemens
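
A pre-flight check along the lines suggested above, as an added example that is not part of the original issue or of the BeaKer/Espy scripts: it reports an existing winlogbeat service and directories before anything is written, and registers the agent under a separate service name with its own home and data paths. The `espy-agent` name comes from the suggestion above; the function name, the directory layout, and the assumption that `winlogbeat.exe` and `winlogbeat.yml` have already been copied into `$AgentHome` are hypothetical.

```powershell
# Added example: hypothetical pre-flight check, not taken from install-sysmon-beats.ps1.
function Find-WinlogbeatConflict {
    # Returns descriptions of existing winlogbeat artifacts an installer could overwrite.
    $found = @()
    $svc = Get-CimInstance Win32_Service -Filter "Name='winlogbeat'" -ErrorAction SilentlyContinue
    if ($svc) { $found += "service 'winlogbeat' -> $($svc.PathName)" }
    # Versioned install directories are matched by prefix, e.g. "winlogbeat-<version>".
    $found += @(Get-ChildItem -Path $env:ProgramFiles -Directory -Filter 'winlogbeat*' `
                    -ErrorAction SilentlyContinue |
                ForEach-Object { "directory $($_.FullName)" })
    $data = Join-Path $env:ProgramData 'winlogbeat'
    if (Test-Path $data) { $found += "directory $data" }
    return $found
}

# Assumed separate names so a pre-existing winlogbeat install is never touched.
$AgentName = 'espy-agent'
$AgentHome = Join-Path $env:ProgramFiles $AgentName
$AgentData = Join-Path $env:ProgramData  $AgentName

$conflicts = @(Find-WinlogbeatConflict)
if ($conflicts.Count -gt 0) {
    Write-Warning 'Existing winlogbeat installation detected; it will be left untouched:'
    $conflicts | ForEach-Object { Write-Warning "  $_" }
}

# Refuse to clobber an earlier agent registration as well.
if (Get-Service -Name $AgentName -ErrorAction SilentlyContinue) {
    throw "Service '$AgentName' already exists; refusing to re-register."
}

# Point the binary at its own config, home, data and log paths instead of
# the default C:\ProgramData\winlogbeat location.
$bin = "`"$AgentHome\winlogbeat.exe`" -c `"$AgentHome\winlogbeat.yml`" " +
       "--path.home `"$AgentHome`" --path.data `"$AgentData`" " +
       "--path.logs `"$AgentData\logs`""

New-Service -Name $AgentName -DisplayName $AgentName `
            -BinaryPathName $bin -StartupType Automatic
```

Run it from an elevated PowerShell session, since `New-Service` requires administrator rights.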