This repository has been archived by the owner on Jan 5, 2025. It is now read-only.

Develop an Ansible Role that queries Windows using osquery #4

Open
robellegate opened this issue Nov 6, 2019 · 0 comments

@robellegate (Contributor)

1. Querying basic host information including:
   1. Host name and Domain (if applicable) info
   2. OS and OS Patch level
   3. IP information
   4. List of local users
2. Querying installed software including:
   1. Installed server components
      1. AD, IIS, etc.
   2. Querying installed application software
   3. Querying software to be run on boot
3. Query information that may be useful for incident response
   1. Recent user logons
      1. May make your own assumptions about “recent”
   2. Running processes
      1. Include: The process ID, the process name, the user id, the parent process id, and the path to the process’ binary
   3. Suspicious (other than 80,443) outbound connections
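One way the requested queries could be wired into an Ansible play is sketched below. This is an added example written for this page, not code from the repository or the issue author. It assumes `osqueryi.exe` is on the PATH of a WinRM-managed Windows host, that the host is in an inventory group named `windows`, and that the osquery tables used (`system_info`, `os_version`, `patches`, `interface_addresses`, `users`, `windows_optional_features`, `programs`, `startup_items`, `logged_in_users`, `processes`, `process_open_sockets`) exist with their documented Windows columns. The "server components" and "recent logons" mappings are interpretations of the issue text, as the comments note.

```yaml
# Added example (not the project's own code): run each osquery query on a
# Windows host with `osqueryi --json`, parse the JSON rows, and write one
# results file per host. Assumes osqueryi.exe is on PATH and WinRM access.
- name: Query a Windows host with osquery
  hosts: windows
  gather_facts: false
  vars:
    osquery_queries:
      # 1. Basic host information
      host_identity: "SELECT hostname, computer_name, local_hostname FROM system_info;"
      os_version: "SELECT name, version, build, arch FROM os_version;"
      patches: "SELECT hotfix_id, description, installed_on FROM patches;"
      ip_addresses: "SELECT interface, address, mask, type FROM interface_addresses WHERE address NOT LIKE '127.%' AND address NOT LIKE 'fe80%';"
      local_users: "SELECT uid, username, description, directory FROM users;"
      # 2. Installed software. Assumption: enabled Windows optional features
      #    (state = 1) approximate "installed server components" such as IIS.
      server_components: "SELECT name, caption, state FROM windows_optional_features WHERE state = 1;"
      installed_programs: "SELECT name, version, publisher, install_date FROM programs;"
      startup_items: "SELECT name, path, source, status FROM startup_items;"
      # 3. Incident-response data. Assumption: "recent" logons are the sessions
      #    currently visible in logged_in_users.
      recent_logons: "SELECT user, host, type, datetime(time, 'unixepoch') AS logon_time FROM logged_in_users;"
      running_processes: "SELECT pid, name, uid, parent, path FROM processes;"
      # Established outbound sockets to ports other than 80/443, joined to the
      # owning process so an analyst can see which binary holds the connection.
      outbound_connections: "SELECT s.pid, p.name, p.path, s.remote_address, s.remote_port FROM process_open_sockets s JOIN processes p USING (pid) WHERE s.state = 'ESTABLISHED' AND s.remote_port NOT IN (80, 443) AND s.remote_address NOT IN ('0.0.0.0', '::', '127.0.0.1');"
  tasks:
    - name: Run each osquery query (read-only, so never report a change)
      ansible.windows.win_command: osqueryi.exe --json "{{ item.value }}"
      loop: "{{ osquery_queries | dict2items }}"
      loop_control:
        label: "{{ item.key }}"
      register: osquery_raw
      changed_when: false

    - name: Parse each JSON result into a dictionary keyed by query name
      ansible.builtin.set_fact:
        osquery_results: >-
          {{ osquery_results | default({})
             | combine({item.item.key: (item.stdout | from_json)}) }}
      loop: "{{ osquery_raw.results }}"
      loop_control:
        label: "{{ item.item.key }}"

    - name: Save the collected results on the control node, one file per host
      ansible.builtin.copy:
        content: "{{ osquery_results | to_nice_json }}"
        dest: "osquery_{{ inventory_hostname }}.json"
      delegate_to: localhost
```

Each query is passed as a single quoted argument, so the SQL can use single-quoted string literals without extra escaping. Because `osqueryi` only reads host state, the first task sets `changed_when: false` so repeated runs stay idempotent in reports. The resulting JSON file is the artifact an incident responder would diff against a known-good baseline.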
@clev98 clev98 self-assigned this Nov 6, 2019