Try in Splunk SOAR


Performs a general investigation on key aspects of a windows device using windows remote management. Important files related to the endpoint are generated, bundled into a zip, and copied to the container vault.

  • Type: Investigation
  • Product: Splunk SOAR
  • Apps: Windows Remote Management
  • Last Updated: 2021-12-14
  • Author: Kelby Shelton, Splunk
  • ID: 32fd9db5-5201-4a2f-b2c2-9299c7b3495d
  • Use-cases:

Associated Detections

How To Implement

The winrm asset requires Administrator access to gather certain files.

Explore Playbook


Required field


source | version: 1