PSWatcher

PSWatcher is aimed at helping you implement a free solution to monitor your internet resources. When it was first created, it was a manual process however, I’ve now tried to automate it to make life easier.

Source: https://github.com/securethelogs/PSWatcher

The script does not need to be ran as admin, and will run through the following:

  • How and what we are scanning
  • Creating the PSWatcher script
  • Creating the Scheduled Task to run the PSWatcher script
  • Generate an initial report to show live ports
  • Once the task has ran, it will also create Win events (ID:1111)

There is some manual input required. You will need to configure the scheduled task yourself as when it’s created, basic information is added. You will need to change what user this runs under and when (Under Triggers).

Should you leave this, this will run at 9am (Daily) if the user is still logged on.

Once this does run, it will scan the resources and create events that can be forwarded onto your SIEM should you have one:

Should you wish to change any of the information which is recorded, you can edit the script located in the file path you set during setup.

This is also, were the initial report is stored:

I will continue to improve on this, as with my other scripts in Github. For any updates and recent changes, please visit: https://github.com/securethelogs