参数不起作用的 Powershell 启动作业
Powershell start-job with arguments not working
这个我想不通。本来应该很简单的事情变成了真正的痛苦。
以下代码有效。只是我需要在后台和函数内部启动它。
代码:
$EvidenceDirectory = "C:\Evidence"
$Chainsawpath="C:\Tools\chainsaw\chainsaw.exe"
$Sigmamappings="C:\Tools\chainsaw\mapping_files\sigma-mapping.yml"
$Sigmarules = "C:\Tools\chainsaw\sigma_rules"
Set-Alias Chainsaw $Chainsawpath
$run = Chainsaw hunt "$EvidenceDirectory\EVTX" --rules "$Sigmarules" --mapping "$Sigmamappings" --csv "$EvidenceDirectory\Chainsaw"
从函数内部:
function Chainsaw
{
start-job {
$EvidenceDirectory = "C:\Evidence"
$Chainsawpath="C:\Tools\chainsaw\chainsaw.exe"
$Sigmamappings="C:\Tools\chainsaw\mapping_files\sigma-mapping.yml"
$Sigmarules = "C:\Tools\chainsaw\sigma_rules"
& $Chainsawpath hunt "$EvidenceDirectory\EVTX" --rules "$Sigmarules" --mapping "$Sigmamappings" --csv "$EvidenceDirectory\Chainsaw"
}
if ($LASTEXITCODE -ne 0)
{
write-host "$LASTEXITCODE"
return
}
else
{
write-host "$Time Chainsaw analysis completed successfully"
}
Start-Sleep -s 2
}
您可以 运行 使用调用运算符的变量。
$run = & $Chainsawpath hunt $EvidenceDirectory\EVTX --rules $Sigmarules --mapping $Sigmamappings --csv $EvidenceDirectory\Chainsaw
作为一份工作:
start-job {
$EvidenceDirectory = "C:\Evidence"
$Chainsawpath="C:\Tools\chainsaw\chainsaw.exe"
$Sigmamappings="C:\Tools\chainsaw\mapping_files\sigma-mapping.yml"
$Sigmarules = "C:\Tools\chainsaw\sigma_rules"
& $Chainsawpath hunt "$EvidenceDirectory\EVTX" --rules "$Sigmarules" --mapping "$Sigmamappings" --csv "$EvidenceDirectory\Chainsaw"
}
这个我想不通。本来应该很简单的事情变成了真正的痛苦。 以下代码有效。只是我需要在后台和函数内部启动它。
代码:
$EvidenceDirectory = "C:\Evidence"
$Chainsawpath="C:\Tools\chainsaw\chainsaw.exe"
$Sigmamappings="C:\Tools\chainsaw\mapping_files\sigma-mapping.yml"
$Sigmarules = "C:\Tools\chainsaw\sigma_rules"
Set-Alias Chainsaw $Chainsawpath
$run = Chainsaw hunt "$EvidenceDirectory\EVTX" --rules "$Sigmarules" --mapping "$Sigmamappings" --csv "$EvidenceDirectory\Chainsaw"
从函数内部:
function Chainsaw
{
start-job {
$EvidenceDirectory = "C:\Evidence"
$Chainsawpath="C:\Tools\chainsaw\chainsaw.exe"
$Sigmamappings="C:\Tools\chainsaw\mapping_files\sigma-mapping.yml"
$Sigmarules = "C:\Tools\chainsaw\sigma_rules"
& $Chainsawpath hunt "$EvidenceDirectory\EVTX" --rules "$Sigmarules" --mapping "$Sigmamappings" --csv "$EvidenceDirectory\Chainsaw"
}
if ($LASTEXITCODE -ne 0)
{
write-host "$LASTEXITCODE"
return
}
else
{
write-host "$Time Chainsaw analysis completed successfully"
}
Start-Sleep -s 2
}
您可以 运行 使用调用运算符的变量。
$run = & $Chainsawpath hunt $EvidenceDirectory\EVTX --rules $Sigmarules --mapping $Sigmamappings --csv $EvidenceDirectory\Chainsaw
作为一份工作:
start-job {
$EvidenceDirectory = "C:\Evidence"
$Chainsawpath="C:\Tools\chainsaw\chainsaw.exe"
$Sigmamappings="C:\Tools\chainsaw\mapping_files\sigma-mapping.yml"
$Sigmarules = "C:\Tools\chainsaw\sigma_rules"
& $Chainsawpath hunt "$EvidenceDirectory\EVTX" --rules "$Sigmarules" --mapping "$Sigmamappings" --csv "$EvidenceDirectory\Chainsaw"
}