Description
I see that the BeaKer/Espy installation-scripts install-sysmon-beats.ps1 install winlogbeat into C:\Program Files\winlogbeat- and parts of the config in C:\ProgramData\winlogbeat. In case winlogbeat is already installed on this machine (e.g. for some custom logging unrelated to BeaKer/Espy/AC-Hunter), the script would overwrite the previously existing installation.
My idea to not have this issue would be to create own directories in Program Files and ProgramData (e.g. espy-agent) and change the winlogbeat service installation script to create a service with another name (e.g. “espy-agent” instead of “winlogbeat”).
This may also extend a little to Sysmon configuration (creating sysmon-net-only.xml), but to my understanding this xml file would probably not exist previously anyways (but it may still be worth considering to name it differently, preventing any possible conflicts).
Cheers
Clemens
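
A pre-flight check for the conflict described in this issue, as an added example that is not part of the original post or of the BeaKer/Espy scripts. It assumes the service name `winlogbeat` and the two directories named in the issue; the function name `Test-ExistingWinlogbeat` is hypothetical.

```powershell
# Added example: report an existing winlogbeat install before running
# install-sysmon-beats.ps1, so a prior deployment is not silently overwritten.

function Test-ExistingWinlogbeat {
    param(
        # Service name and directories are taken from the issue text (assumption);
        # the wildcard covers whatever suffix the Program Files directory carries.
        [string]$ServiceName = 'winlogbeat',
        [string[]]$PathPatterns = @(
            (Join-Path $env:ProgramFiles 'winlogbeat*'),
            (Join-Path $env:ProgramData 'winlogbeat')
        )
    )

    $findings = @()

    # Win32_Service exposes PathName, which shows the binary and arguments
    # the existing service was registered with.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'" -ErrorAction SilentlyContinue
    if ($svc) {
        $findings += [pscustomobject]@{ Type = 'Service'; Item = $svc.Name; Detail = $svc.PathName }
    }

    # Any directory matching the patterns would be reused or overwritten by the installer.
    foreach ($pattern in $PathPatterns) {
        Get-Item -Path $pattern -ErrorAction SilentlyContinue | ForEach-Object {
            $findings += [pscustomobject]@{
                Type   = 'Directory'
                Item   = $_.FullName
                Detail = "Last modified $($_.LastWriteTime)"
            }
        }
    }
    return $findings
}

$existing = Test-ExistingWinlogbeat
if ($existing) {
    $existing | Format-Table -AutoSize
    Write-Warning 'Existing winlogbeat installation found; back it up before running the installer.'
    exit 1
}
Write-Output 'No existing winlogbeat service or directories found.'
```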