├── .gitignore ├── LICENSE ├── README.md ├── ansible ├── README.md ├── ansible.cfg ├── playbooks │ ├── splunk_server.yml │ └── windows_dc.yml ├── roles │ ├── common │ │ ├── defaults │ │ │ └── main.yml │ │ ├── handlers │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ └── tasks │ │ │ ├── chocolatey-components.yml │ │ │ ├── main.yml │ │ │ ├── windows-components.yml │ │ │ └── windows-disable-defender.yml │ ├── search_head │ │ ├── README.md │ │ ├── files │ │ │ └── opt │ │ │ │ └── splunk │ │ │ │ └── etc │ │ │ │ └── system │ │ │ │ └── local │ │ │ │ └── inputs.conf │ │ ├── handlers │ │ │ └── main.yml │ │ └── tasks │ │ │ ├── inputs.yml │ │ │ ├── install_cim_app.yml │ │ │ ├── install_es_app.yml │ │ │ ├── install_escu_app.yml │ │ │ ├── install_stream_app.yml │ │ │ ├── install_sysmon_ta.yml │ │ │ ├── install_windows_ta.yml │ │ │ ├── main.yml │ │ │ └── splunk.yml │ ├── sysmon │ │ ├── defaults │ │ │ └── main.yml │ │ ├── handlers │ │ │ └── main.yml │ │ ├── meta │ │ │ └── main.yml │ │ ├── tasks │ │ │ ├── main.yml │ │ │ ├── windows-logging-registry.yml │ │ │ └── windows-sysmon.yml │ │ └── templates │ │ │ ├── SysmonConfig-Neo23x0-server.xml.j2 │ │ │ ├── SysmonConfig-Neo23x0-workstations.xml.j2 │ │ │ ├── SysmonConfig-TSwift.xml.j2 │ │ │ ├── SysmonConfig-Verbose.xml.j2 │ │ │ ├── SysmonConfig-moti.xml.j2 │ │ │ └── SysmonConfig.xml.j2 │ ├── universal_forwarder │ │ ├── defaults │ │ │ └── main.yml │ │ ├── files │ │ │ ├── inputs.conf │ │ │ └── main.yml │ │ ├── handlers │ │ │ └── main.yml │ │ ├── tasks │ │ │ ├── install_splunk_stream.yml │ │ │ ├── install_splunk_sysmon_ta.yml │ │ │ ├── install_splunk_uf.yml │ │ │ ├── install_splunk_windows_ta.yml │ │ │ └── main.yaml │ │ └── templates │ │ │ └── inputs.conf.j2 │ ├── windows_dns_server │ │ ├── defaults │ │ │ └── main.yml │ │ ├── handlers │ │ │ └── main.yml │ │ └── tasks │ │ │ ├── features.yml │ │ │ ├── main.yaml │ │ │ └── reboot.yml │ └── windows_domain_controller │ │ ├── defaults │ │ └── main.yml │ │ ├── handlers │ │ └── main.yml │ │ └── tasks │ │ ├── create.yml │ │ ├── main.yaml │ │ └── reboot.yml └── vars │ └── vars.yml ├── images └── diagram.png ├── splunk_server └── Vagrantfile └── windows_dc_2016 └── Vagrantfile /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/.gitignore -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/README.md -------------------------------------------------------------------------------- /ansible/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/README.md -------------------------------------------------------------------------------- /ansible/ansible.cfg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/ansible.cfg -------------------------------------------------------------------------------- /ansible/playbooks/splunk_server.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/playbooks/splunk_server.yml -------------------------------------------------------------------------------- /ansible/playbooks/windows_dc.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/playbooks/windows_dc.yml -------------------------------------------------------------------------------- /ansible/roles/common/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | -------------------------------------------------------------------------------- /ansible/roles/common/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | -------------------------------------------------------------------------------- /ansible/roles/common/meta/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/common/meta/main.yml -------------------------------------------------------------------------------- /ansible/roles/common/tasks/chocolatey-components.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/common/tasks/chocolatey-components.yml -------------------------------------------------------------------------------- /ansible/roles/common/tasks/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/common/tasks/main.yml -------------------------------------------------------------------------------- /ansible/roles/common/tasks/windows-components.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/common/tasks/windows-components.yml -------------------------------------------------------------------------------- /ansible/roles/common/tasks/windows-disable-defender.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/common/tasks/windows-disable-defender.yml -------------------------------------------------------------------------------- /ansible/roles/search_head/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/search_head/README.md -------------------------------------------------------------------------------- /ansible/roles/search_head/files/opt/splunk/etc/system/local/inputs.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/search_head/files/opt/splunk/etc/system/local/inputs.conf -------------------------------------------------------------------------------- /ansible/roles/search_head/handlers/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/search_head/handlers/main.yml -------------------------------------------------------------------------------- /ansible/roles/search_head/tasks/inputs.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/search_head/tasks/inputs.yml -------------------------------------------------------------------------------- /ansible/roles/search_head/tasks/install_cim_app.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/search_head/tasks/install_cim_app.yml -------------------------------------------------------------------------------- /ansible/roles/search_head/tasks/install_es_app.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/search_head/tasks/install_es_app.yml -------------------------------------------------------------------------------- /ansible/roles/search_head/tasks/install_escu_app.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/search_head/tasks/install_escu_app.yml -------------------------------------------------------------------------------- /ansible/roles/search_head/tasks/install_stream_app.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/search_head/tasks/install_stream_app.yml -------------------------------------------------------------------------------- /ansible/roles/search_head/tasks/install_sysmon_ta.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/search_head/tasks/install_sysmon_ta.yml -------------------------------------------------------------------------------- /ansible/roles/search_head/tasks/install_windows_ta.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/search_head/tasks/install_windows_ta.yml -------------------------------------------------------------------------------- /ansible/roles/search_head/tasks/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/search_head/tasks/main.yml -------------------------------------------------------------------------------- /ansible/roles/search_head/tasks/splunk.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/search_head/tasks/splunk.yml -------------------------------------------------------------------------------- /ansible/roles/sysmon/defaults/main.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /ansible/roles/sysmon/handlers/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/sysmon/handlers/main.yml -------------------------------------------------------------------------------- /ansible/roles/sysmon/meta/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/sysmon/meta/main.yml -------------------------------------------------------------------------------- /ansible/roles/sysmon/tasks/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/sysmon/tasks/main.yml -------------------------------------------------------------------------------- /ansible/roles/sysmon/tasks/windows-logging-registry.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/sysmon/tasks/windows-logging-registry.yml -------------------------------------------------------------------------------- /ansible/roles/sysmon/tasks/windows-sysmon.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/sysmon/tasks/windows-sysmon.yml -------------------------------------------------------------------------------- /ansible/roles/sysmon/templates/SysmonConfig-Neo23x0-server.xml.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/sysmon/templates/SysmonConfig-Neo23x0-server.xml.j2 -------------------------------------------------------------------------------- /ansible/roles/sysmon/templates/SysmonConfig-Neo23x0-workstations.xml.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/sysmon/templates/SysmonConfig-Neo23x0-workstations.xml.j2 -------------------------------------------------------------------------------- /ansible/roles/sysmon/templates/SysmonConfig-TSwift.xml.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/sysmon/templates/SysmonConfig-TSwift.xml.j2 -------------------------------------------------------------------------------- /ansible/roles/sysmon/templates/SysmonConfig-Verbose.xml.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/sysmon/templates/SysmonConfig-Verbose.xml.j2 -------------------------------------------------------------------------------- /ansible/roles/sysmon/templates/SysmonConfig-moti.xml.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/sysmon/templates/SysmonConfig-moti.xml.j2 -------------------------------------------------------------------------------- /ansible/roles/sysmon/templates/SysmonConfig.xml.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/sysmon/templates/SysmonConfig.xml.j2 -------------------------------------------------------------------------------- /ansible/roles/universal_forwarder/defaults/main.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /ansible/roles/universal_forwarder/files/inputs.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/universal_forwarder/files/inputs.conf -------------------------------------------------------------------------------- /ansible/roles/universal_forwarder/files/main.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /ansible/roles/universal_forwarder/handlers/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/universal_forwarder/handlers/main.yml -------------------------------------------------------------------------------- /ansible/roles/universal_forwarder/tasks/install_splunk_stream.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/universal_forwarder/tasks/install_splunk_stream.yml -------------------------------------------------------------------------------- /ansible/roles/universal_forwarder/tasks/install_splunk_sysmon_ta.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/universal_forwarder/tasks/install_splunk_sysmon_ta.yml -------------------------------------------------------------------------------- /ansible/roles/universal_forwarder/tasks/install_splunk_uf.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/universal_forwarder/tasks/install_splunk_uf.yml -------------------------------------------------------------------------------- /ansible/roles/universal_forwarder/tasks/install_splunk_windows_ta.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/universal_forwarder/tasks/install_splunk_windows_ta.yml -------------------------------------------------------------------------------- /ansible/roles/universal_forwarder/tasks/main.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/universal_forwarder/tasks/main.yaml -------------------------------------------------------------------------------- /ansible/roles/universal_forwarder/templates/inputs.conf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/universal_forwarder/templates/inputs.conf.j2 -------------------------------------------------------------------------------- /ansible/roles/windows_dns_server/defaults/main.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /ansible/roles/windows_dns_server/handlers/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/windows_dns_server/handlers/main.yml -------------------------------------------------------------------------------- /ansible/roles/windows_dns_server/tasks/features.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/windows_dns_server/tasks/features.yml -------------------------------------------------------------------------------- /ansible/roles/windows_dns_server/tasks/main.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/windows_dns_server/tasks/main.yaml -------------------------------------------------------------------------------- /ansible/roles/windows_dns_server/tasks/reboot.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/windows_dns_server/tasks/reboot.yml -------------------------------------------------------------------------------- /ansible/roles/windows_domain_controller/defaults/main.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /ansible/roles/windows_domain_controller/handlers/main.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/windows_domain_controller/handlers/main.yml -------------------------------------------------------------------------------- /ansible/roles/windows_domain_controller/tasks/create.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/windows_domain_controller/tasks/create.yml -------------------------------------------------------------------------------- /ansible/roles/windows_domain_controller/tasks/main.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/windows_domain_controller/tasks/main.yaml -------------------------------------------------------------------------------- /ansible/roles/windows_domain_controller/tasks/reboot.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/roles/windows_domain_controller/tasks/reboot.yml -------------------------------------------------------------------------------- /ansible/vars/vars.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/ansible/vars/vars.yml -------------------------------------------------------------------------------- /images/diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/images/diagram.png -------------------------------------------------------------------------------- /splunk_server/Vagrantfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/splunk_server/Vagrantfile -------------------------------------------------------------------------------- /windows_dc_2016/Vagrantfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/josehelps/building-a-windows-dc/HEAD/windows_dc_2016/Vagrantfile --------------------------------------------------------------------------------