Develop an Ansible Role that queries Windows using native tools #3

Open
robellegate opened this issue Nov 6, 2019 · 1 comment

@robellegate
Contributor

  1. Querying basic host information including:
    1. Host name and Domain (if applicable) info
    2. OS and OS Patch level
    3. IP information
    4. List of local users
  2. Querying installed software including:
    1. Installed server components
      1. AD, IIS, etc.
    2. Querying installed application software
    3. Querying software to be run on boot
  3. Query information that may be useful for incident response
    1. Recent user logons
      1. May make your own assumptions about “recent”
    2. Running processes
      1. Include: The process ID, the process name, the user id, the parent process id, and the path to the process’ binary
    3. Suspicious (other than 80,443) outbound connections
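
One way to collect items 3.2 and 3.3 with built-in PowerShell cmdlets, as an added example that is not part of the original issue or the project's code. It assumes Windows 8 / Server 2012 or later and an elevated session; the variable names, the JSON output shape, and the listening-port heuristic for telling outbound from inbound connections are choices made for this example.

```powershell
# Added example (not the project's code): incident-response queries from section 3.
$AllowedPorts = 80, 443   # remote ports the issue treats as not suspicious

# 3.2 Running processes: PID, name, user, parent PID, path to the binary.
$processes = Get-CimInstance -ClassName Win32_Process | ForEach-Object {
    # GetOwner can fail for protected or already-exited processes; keep the row anyway.
    $owner = Invoke-CimMethod -InputObject $_ -MethodName GetOwner -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ProcessId       = [int]$_.ProcessId
        Name            = $_.Name
        User            = if ($owner -and $owner.ReturnValue -eq 0) { "$($owner.Domain)\$($owner.User)" } else { $null }
        ParentProcessId = [int]$_.ParentProcessId
        Path            = $_.ExecutablePath   # null when the path cannot be read
    }
}

# Index by PID so each connection can be tied back to its owning process.
$byPid = @{}
foreach ($p in $processes) { $byPid[$p.ProcessId] = $p }

# 3.3 Established TCP connections whose remote port is not 80 or 443.
# Assumption: a connection whose local port is one this host listens on is inbound
# and is skipped. Get-NetTCPConnection does not report direction, so this is a heuristic.
$listening = Get-NetTCPConnection -State Listen |
    Select-Object -ExpandProperty LocalPort -Unique

$connections = Get-NetTCPConnection -State Established | Where-Object {
    $_.RemotePort -notin $AllowedPorts -and
    $_.LocalPort -notin $listening -and
    $_.RemoteAddress -notin '127.0.0.1', '::1'
} | ForEach-Object {
    $proc = $byPid[[int]$_.OwningProcess]
    [pscustomobject]@{
        LocalAddress  = $_.LocalAddress
        LocalPort     = $_.LocalPort
        RemoteAddress = $_.RemoteAddress
        RemotePort    = $_.RemotePort
        ProcessId     = [int]$_.OwningProcess
        ProcessName   = if ($proc) { $proc.Name } else { $null }
        ProcessPath   = if ($proc) { $proc.Path } else { $null }
    }
}

# Emit one JSON document; @() keeps each value an array even when it has 0 or 1 entries.
@{ processes = @($processes); connections = @($connections) } | ConvertTo-Json -Depth 3
```

Because the result is a single JSON document on stdout, a role can run the script with `win_shell`, register the output, and parse it with the `from_json` filter.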
@kxs4591 kxs4591 self-assigned this Nov 6, 2019
@kxs4591

kxs4591 commented Nov 6, 2019

working through part 1
