FILE: C:\ProgramData\PuppetLabs\puppet\var\lib\facter\sysmon_ver_check.rb

--
Facter.add("sysmon_service_version") do
  confine :osfamily => "windows"
  setcode do
    powershell = 'C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -NonInteractive -NoProfile'
    command = '(gci $env:windir\sysmon64.exe).VersionInfo.ProductVersion'
    Facter::Util::Resolution.exec(%Q{#{powershell} -command "#{command}"})
  end
end
Facter.add("sysmon_sysint_version") do
  confine :osfamily => "windows"
  setcode do
    powershell = 'C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -NonInteractive -NoProfile'
    command = '(gci C:\Scripts\SysInternals\sysmon64.exe).VersionInfo.ProductVersion'
    Facter::Util::Resolution.exec(%Q{#{powershell} -command "#{command}"})
  end
end
Facter.add("sysmon_service") do
	confine :osfamily => "windows"
	setcode do
		powershell = 'C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -NonInteractive -NoProfile'
		command = '(Get-Service sysmon64 -ErrorAction SilentlyContinue).count'
		Facter::Util::Resolution.exec(%Q{#{powershell} -command "#{command}"})
  end
end

--