This repository was archived by the owner on Jan 5, 2025. It is now read-only.

Develop an Ansible Role that queries Windows using native tools #3

Open
robellegate opened this issue Nov 6, 2019 · 1 comment
@robellegate
Contributor

  1. Querying basic host information including:
    1. Host name and Domain (if applicable) info
    2. OS and OS Patch level
    3. IP information
    4. List of local users
  2. Querying installed software including:
    1. Installed server components
      1. AD, IIS, etc.
    2. Querying installed application software
    3. Querying software to be run on boot
  3. Query information that may be useful for incident response
    1. Recent user logons
      1. May make your own assumptions about “recent”
    2. Running processes
      1. Include: The process ID, the process name, the user id, the parent process id, and the path to the process’ binary
    3. Suspicious (other than 80,443) outbound connections

kxs4591 self-assigned this Nov 6, 2019

kxs4591 commented Nov 6, 2019

working through part 1
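
Added example, not part of the issue, of either participant's comments, or of the repository's role: PowerShell that collects the process fields listed under item 3 and the established outbound TCP connections to remote ports other than 80 and 443. The function names are hypothetical. It assumes PowerShell 3.0 or later with the NetTCPIP module (Windows 8 / Server 2012 and up), and it treats a connection as outbound when its local port is not one the host is listening on.

```powershell
# Added example for item 3 of the issue. Function names are hypothetical.
# Run elevated: the owner lookup fails for some protected processes otherwise.

function Get-ProcessInventory {
    Get-CimInstance -ClassName Win32_Process | ForEach-Object {
        # GetOwner can fail for system/protected processes; leave User empty then.
        $owner = Invoke-CimMethod -InputObject $_ -MethodName GetOwner -ErrorAction SilentlyContinue
        $user = if ($owner -and $owner.ReturnValue -eq 0) {
            "$($owner.Domain)\$($owner.User)"
        } else {
            $null
        }
        [pscustomobject]@{
            ProcessId       = $_.ProcessId
            Name            = $_.Name
            User            = $user
            ParentProcessId = $_.ParentProcessId
            Path            = $_.ExecutablePath
        }
    }
}

function Get-NonWebOutboundConnection {
    param([int[]]$AllowedRemotePorts = @(80, 443))

    # Ports this host listens on. An established connection whose local port
    # is one of these is inbound (assumption used to tell the two apart).
    $listening = Get-NetTCPConnection -State Listen |
        Select-Object -ExpandProperty LocalPort -Unique

    Get-NetTCPConnection -State Established | Where-Object {
        $_.LocalPort -notin $listening -and
        $_.RemotePort -notin $AllowedRemotePorts -and
        $_.RemoteAddress -notin @('127.0.0.1', '::1')   # skip loopback traffic
    } | Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, OwningProcess
}

# Emit JSON so an Ansible task can register and parse the output.
Get-ProcessInventory | ConvertTo-Json
Get-NonWebOutboundConnection | ConvertTo-Json
```

`OwningProcess` in the connection output is a process ID, so it joins directly against `ProcessId` in the process inventory.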
