Putting named pipes here as it takes to long and utility is to low to be part of the 'default'

joeavanzato · joeavanzato · commit 6734e0cb6119 · 2025-05-07T07:52:51.000-04:00
diff --git a/configs/verbose.yaml b/configs/verbose.yaml
@@ -197,4 +197,11 @@ commands:
     merge: csv
     id: ScriptBlockLogging
     tags: [access, powershell, builtin]
-    dependencies: [utilities\ExtractScriptBlockLogging.ps1]
+    dependencies: [utilities\ExtractScriptBlockLogging.ps1]
+  # Extract Named Pipes, Owning Processes and Established Connections
+  - command: powershell.exe C:\Windows\temp\ExtractNamedPipes.ps1 -OutputFile $FILENAME$
+    file_name: $time$_NamedPipes.csv
+    merge: csv
+    id: NamedPipes
+    tags: [access, pipes, builtin]
+    dependencies: [utilities\ExtractNamedPipes.ps1]
