Internal Host WinRM Investigate

Description

Performs a general investigation on key aspects of a windows device using windows remote management. Important files related to the endpoint are generated, bundled into a zip, and copied to the container vault.

Type: Investigation
Product: Splunk SOAR
Apps: Windows Remote Management
Last Updated: 2021-12-14
Author: Kelby Shelton, Splunk
ID: 32fd9db5-5201-4a2f-b2c2-9299c7b3495d
Use-cases:

Associated Detections

How To Implement

The winrm asset requires Administrator access to gather certain files.

Explore Playbook

Required field

Reference

source | version: 1

Twitter Facebook LinkedIn

Internal Host WinRM Investigate

Description

Associated Detections

How To Implement

Explore Playbook

Required field

Reference

You May Also Enjoy

Headless Browser Mockbin or Mocky Request

Headless Browser Usage

Windows Find Interesting ACL with FindInterestingDomainAcl

Windows Get Local Admin with FindLocalAdminAccess