Internal Host WinRM Investigate

Description

Performs a general investigation on key aspects of a windows device using windows remote management. Important files related to the endpoint are generated, bundled into a zip, and copied to the container vault.

Type: Investigation
Product: Splunk SOAR
Apps: Windows Remote Management
Last Updated: 2021-12-14
Author: Kelby Shelton, Splunk
ID: 32fd9db5-5201-4a2f-b2c2-9299c7b3495d

Associated Detections

How To Implement

The winrm asset requires Administrator access to gather certain files.

Explore Playbook

Required field

Reference

source | version: 1

Twitter Facebook LinkedIn

Internal Host WinRM Investigate

Description

Associated Detections

How To Implement

Explore Playbook

Required field

Reference

You May Also Enjoy

Okta Mismatch Between Source and Response for Verify Push Request

Okta Suspicious Use of a Session Cookie

Okta Multiple Failed Requests to Access Applications

Windows Rundll32 WebDav With Network Connection