Internal Host WinRM Investigate

Description

Performs a general investigation on key aspects of a windows device using windows remote management. Important files related to the endpoint are generated, bundled into a zip, and copied to the container vault.

Type: Investigation
Product: Splunk SOAR
Apps: Windows Remote Management
Last Updated: 2021-12-14
Author: Kelby Shelton, Splunk
ID: 32fd9db5-5201-4a2f-b2c2-9299c7b3495d
Use-cases:

Associated Detections

How To Implement

The winrm asset requires Administrator access to gather certain files.

Explore Playbook

Required field

Reference

source | version: 1

Twitter Facebook LinkedIn

Internal Host WinRM Investigate

Description

Associated Detections

How To Implement

Explore Playbook

Required field

Reference

You May Also Enjoy

O365 New Forwarding Mailflow Rule Created

Okta Successful Single Factor Authentication

Windows Unsigned MS DLL Side-Loading

Windows Rename System Utilities Agentexecutor exe LOLBAS in Non Standard Path