Writing a PS Script to run Yara against all of our Windows server stack.
Could I get some feedback regarding the following script extracts?
*Memory Scan*
# Run YARA against each running process by PID (-s prints the matching strings)
Get-Process | % { & "$YaraExe" -s $YaraRlz $_.Id } -ErrorAction SilentlyContinue >> $YaraArtMemLog 2>> $YaraArtMemErr
*Fixed Disk Scan*
# Collect the root of every fixed drive
$HDDs = [System.IO.DriveInfo]::getdrives() |
    Where-Object { $_.DriveType -eq "Fixed" } |
    Select-Object Name |
    ForEach-Object {$_.Name}
ForEach ($Drive in $HDDs){
    ## $HDDs = C:\ D:\ E:\
    $Drv = $Drive.SubString(0,1)
    # One match log and one error log per drive
    $YaraArtDskLog = "C:\Temp\YARA\Artifacts\Artifact-Yara-$ArtDte--$Server--$Drv-drv.txt"
    $YaraArtDskErr = "C:\Temp\YARA\Artifacts\Artifact-Yara-$ArtDte--$Server--$Drv-drv-Errs.txt"
    # Recursive scan (-r) with 8 threads (-p 8), printing matching strings (-s)
    & "$YaraExe" -r -s -p 8 $YaraRlz $Drive >> $YaraArtDskLog 2>> $YaraArtDskErr
}
** Still using L-Plates with Yara and PowerShell.*
Cheers,
Cam