Playbook: Internal Host WinRM Investigate

Description

Performs a general investigation on key aspects of a windows device using windows remote management. Important files related to the endpoint are generated, bundled into a zip, and copied to the container vault.

Type: Investigation Date: 2021-12-14 Author: Kelby Shelton, Splunk ID: 32fd9db5-5201-4a2f-b2c2-9299c7b3495d

Apps:

Associated Detections

How To Implement

The winrm asset requires Administrator access to gather certain files.

Explore Playbook

explore

Required fields

Reference

source | version: 1