EricZimmerman · AndrewRathbun · Aug 12, 2021 · Aug 12, 2021 · Aug 12, 2021
diff --git a/Targets/Compound/ServerTriage.tkape b/Targets/Compound/ServerTriage.tkape
@@ -0,0 +1,33 @@
+Description: A compound target for gathering artifacts common to servers.
+Author: Eric Capuano
+Version: 1.0
+Id: 9bea625c-00bd-4389-a0a5-f648e8e267ce
+RecreateDirectories: True
+Targets:
+    -
+        Name: WebServers
+        Category: Compound
+        Path: WebServers.tkape # Required
+    -
+        Name: Exchange
+        Category: Compound
+        Path: Exchange.tkape
+    -
+        Name: Confluence
+        Category: Apps
+        Path: ConfluenceLogs.tkape
+    -
+        Name: FileZilla Server
+        Category: Apps
+        Path: FileZillaServer.tkape
+    -
+        Name: OpenSSH Server
+        Category: Apps
+        Path: OpenSSHServer.tkape
+    -
+        Name: ManageEngine
+        Category: Logs
+        Path: ManageEngineLogs.tkape
+
+# Documentation
+# A target to run on generic servers when their role is unknown. Includes common server applications.
diff --git a/Targets/Compound/WebServers.tkape b/Targets/Compound/WebServers.tkape
@@ -0,0 +1,25 @@
+Description: Logs from all known web server applications and supporting services
+Author: Eric Capuano
+Version: 1.0
+Id: 38de27ae-5047-404b-a7e1-3c99071724d5
+RecreateDirectories: True
+Targets:
+    -
+        Name: Apache Access Logs
+        Category: Logs
+        Path: ApacheAccessLog.tkape # Required
+    -
+        Name: IIS Logs
+        Category: Logs
+        Path: IISLogFiles.tkape
+    -
+        Name: NGINX Logs
+        Category: Logs
+        Path: NGINXLogs.tkape
+    -
+        Name: MSSQL Error Logs
+        Category: Logs
+        Path: MSSQLErrorLog.tkape
+
+# Documentation
+# A target to run on systems that may be hosting web servers. Helpful in determining whether web application exploitation is a contributing factor.