Internal Host WinRM Investigate
Description
Performs a general investigation of key aspects of a Windows device using Windows Remote Management. Important files related to the endpoint are generated, bundled into a zip, and copied to the container vault.
- Type: Investigation
- Product: Splunk SOAR
- Apps: Windows Remote Management
- Last Updated: 2021-12-14
- Author: Kelby Shelton, Splunk
- ID: 32fd9db5-5201-4a2f-b2c2-9299c7b3495d
Associated Detections
How To Implement
The WinRM asset requires Administrator access to gather certain files.
Explore Playbook
Required field
Reference
source | version: 1