Posh-Sysmon.psd1

#
# Module manifest for module 'Posh-Sysmon'
#
# Generated by: Carlos Perez carlos_Perez@darkoperator.com
#
# Generated on: 1/27/2015
#

# Manifest hashtable for the Posh-Sysmon module. PowerShell reads these keys when the
# module is imported to locate the root module, load the format files, and decide
# which commands, variables and aliases become visible in the caller's session.
@{

# Script module or binary module file associated with this manifest.
# The path is relative ('.\'), so it is resolved against the directory holding this manifest.
# NOTE(review): the file name is spelled 'Posh-SysMon' here but 'Posh-Sysmon' in the header
# comment above; confirm the on-disk casing if the module is ever used on a case-sensitive file system.
RootModule = '.\Posh-SysMon.psm1'

# Version number of this module.
ModuleVersion = '0.7'

# ID used to uniquely identify this module
GUID = 'a8ade6cb-39d5-45a1-b4aa-acf29ee34aed'

# Author of this module
Author = 'Carlos Perez carlos_Perez@darkoperator.com'

# Company or vendor of this module
CompanyName = 'Unknown'

# Copyright statement for this module
Copyright = '(c) 2016 Carlos Perez carlos_Perez@darkoperator.com. All rights reserved.'

# Description of the functionality provided by this module
Description = 'Module for the creation and managing of Sysinternal Sysmon configuration XML files.'

# Minimum version of the Windows PowerShell engine required by this module
PowerShellVersion = '3.0'

# Name of the Windows PowerShell host required by this module
# PowerShellHostName = ''

# Minimum version of the Windows PowerShell host required by this module
# PowerShellHostVersion = ''

# Minimum version of Microsoft .NET Framework required by this module
# DotNetFrameworkVersion = ''

# Minimum version of the common language runtime (CLR) required by this module
# CLRVersion = ''

# Processor architecture (None, X86, Amd64) required by this module
# ProcessorArchitecture = ''

# Modules that must be imported into the global environment prior to importing this module
# RequiredModules = @()

# Assemblies that must be loaded prior to importing this module
# RequiredAssemblies = @()

# Script files (.ps1) that are run in the caller's environment prior to importing this module.
# Left empty: this manifest runs no script in the caller's session state at import time.
# Any entry added here executes with the importing user's rights, so it deserves the same
# review as the module code itself.
ScriptsToProcess = @()

# Type files (.ps1xml) to be loaded when importing this module
# TypesToProcess = @()

# Format files (.ps1xml) to be loaded when importing this module
# Three format files are loaded from the 'Format' sub-directory next to this manifest.
FormatsToProcess = @('Format\Sysmon.ConfigOption.ps1xml', 'Format\Sysmon.Rule.ps1xml','Format\Sysmon.Rule.Filter.ps1xml')

# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
NestedModules = @()

# Functions to export from this module
# Explicit list of 16 function names; no wildcard is used for functions.
# NOTE(review): 'New-SysmonProcessAccess' lacks the 'Filter' suffix carried by the other
# New-Sysmon*Filter names; confirm it matches the function name defined in the root module.
# NOTE(review): PrivateData below names 'CreateRemoteThread', 'RawAccessRead' and 'FileCreateTime',
# but no matching New-Sysmon*Filter function is exported here; confirm whether that is intended.
FunctionsToExport = @('Get-SysmonHashingAlgorithm',
                    'Get-SysmonRule',
                    'New-SysmonConfiguration',
                    'New-SysmonDriverLoadFilter',
                    'New-SysmonFileCreateFilter',
                    'New-SysmonImageLoadFilter',
                    'New-SysmonNetworkConnectFilter',
                    'New-SysmonProcessCreateFilter',
                    'New-SysmonProcessTerminateFilter',
                    'Remove-SysmonRule',
                    'Remove-SysmonRuleFilter',
                    'Set-SysmonHashingAlgorithm',
                    'Set-SysmonRule',
                    'Get-SysmonEventData',
                    'Get-SysmonRuleFilter',
                    'New-SysmonProcessAccess')

# Cmdlets to export from this module
# Wildcard: every cmdlet the module makes available is exported.
# NOTE(review): the root module is declared as a script module (.psm1) and NestedModules is
# empty, so no cmdlets are expected; an explicit @() would state that and keep the exported
# surface reviewable. Confirm against the .psm1 before changing.
CmdletsToExport = '*'

# Variables to export from this module
# Wildcard: the manifest places no restriction on which module variables reach the caller's session.
# NOTE(review): if the root module is not meant to publish variables, an explicit @() avoids
# leaking internal state into the caller's scope. Confirm against the .psm1 before changing.
VariablesToExport = '*'

# Aliases to export from this module
# Wildcard: the manifest places no restriction on which aliases reach the caller's session.
# NOTE(review): an explicit list (or @()) makes it visible in review when a new alias could
# shadow an existing command name. Confirm against the .psm1 before changing.
AliasesToExport = '*'

# List of all modules packaged with this module
ModuleList = @()

# List of all files packaged with this module
# FileList = @()

# Private data to pass to the module specified in RootModule/ModuleToProcess
# Every key maps to a string identical to the key itself.
# NOTE(review): the names look like Sysmon event types (e.g. 'ProcessCreate', 'NetworkConnect')
# and event field names (e.g. 'Image', 'DestinationIp'); how the root module consumes this
# table is not visible from the manifest - verify against the .psm1.
PrivateData = @{
    'CreateRemoteThread' = 'CreateRemoteThread'
    'NetworkConnect' ='NetworkConnect'
    'ProcessCreate' = 'ProcessCreate'
    'FileCreateTime' = 'FileCreateTime'
    'ProcessTerminate' = 'ProcessTerminate'
    'ImageLoad' = 'ImageLoad'
    'DriverLoad' ='DriverLoad'
    'UtcTime' ='UtcTime'
    'ProcessGuid' = 'ProcessGuid'
    'ProcessId' = 'ProcessId'
    'Image' = 'Image'
    'ImageLoaded' = 'ImageLoaded'
    'Hashes' = 'Hashes'
    'Signed' = 'Signed'
    'Signature' = 'Signature'
    'User' = 'User'
    'Protocol' = 'Protocol'
    'Initiated' = 'Initiated'
    'SourceIsIpv6' = 'SourceIsIpv6'
    'SourceIp' = 'SourceIp'
    'SourceHostname' = 'SourceHostname'
    'SourcePort' ='SourcePort'
    'SourcePortName' = 'SourcePortName'
    'SourceProcessGUID' = 'SourceProcessGUID'
    'SourceImage' = 'SourceImage'
    'SourceThreadId' = 'SourceThreadId'
    'DestinationIsIpv6' = 'DestinationIsIpv6'
    'DestinationIp' = 'DestinationIp'
    'DestinationHostname' = 'DestinationHostname'
    'DestinationPort' = 'DestinationPort'
    'DestinationPortName' = 'DestinationPortName'
    'GrantedAccess' = 'GrantedAccess'
    'TargetFilename' = 'TargetFilename'
    'TargetProcessGUID' = 'TargetProcessGUID'
    'TargetImage' = 'TargetImage'
    'TargetProcessId' = 'TargetProcessId'
    'CallTrace' = 'CallTrace'
    'CreationUtcTime' = 'CreationUtcTime'
    'PreviousCreationUtcTime' = 'PreviousCreationUtcTime'
    'CommandLine' = 'CommandLine'
    'LogonGuid' = 'LogonGuid'
    'LogonId' = 'LogonId'
    'TerminalSessionId' = 'TerminalSessionId'
    'IntegrityLevel' = 'IntegrityLevel'
    'ParentProcessGuid' = 'ParentProcessGuid'
    'ParentProcessId' = 'ParentProcessId'
    'ParentImage' = 'ParentImage'
    'ParentCommandLine' = 'ParentCommandLine'
    'RawAccessRead' = 'RawAccessRead'
    'ProcessAccess' = 'ProcessAccess'
}

# HelpInfo URI of this module
# HelpInfoURI = ''

# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
# DefaultCommandPrefix = ''

}