BCWHSendpointIR.psm1
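<#PSScriptInfo
.VERSION 1.0
.GUID 0b8519aa-b3da-46a5-8f6b-3f54caf9abd9
.AUTHOR WadeBach22
.COMPANYNAME
.COPYRIGHT
.TAGS
.LICENSEURI
.PROJECTURI
.ICONURI
.EXTERNALMODULEDEPENDENCIES
.REQUIREDSCRIPTS
.EXTERNALSCRIPTDEPENDENCIES
.RELEASENOTES
Black Cat White Hit Security Presents Microsoft Windows Endpoint Security Incident Response. Please view our website for more detailed information.
#>

<#
.DESCRIPTION
Black Cat White Hit Security Presents Microsoft Windows Endpoint Security Incident Response. Please view our website for more detailed information.
#>
Param()

# Each BCWHScheckIR* function is a thin, read-only wrapper around a built-in
# cmdlet or tool so that a responder can triage an endpoint with a fixed,
# repeatable set of queries.  None of them change system state.  Several
# (Security log, BitLocker status) typically need an elevated session;
# Get-EventLog exists only in Windows PowerShell 5.1 — on PowerShell 7+ use
# Get-WinEvent -LogName instead.

function BCWHScheckIRProcess {
    <#
    .SYNOPSIS
    Lists all running processes, largest working set first.
    .OUTPUTS
    System.Diagnostics.Process objects sorted by WS descending.
    #>
    Get-Process | Sort-Object -Property WS -Descending
}

function BCWHScheckIRCounter {
    <#
    .SYNOPSIS
    Returns one sample of the default set of performance counters.
    #>
    Get-Counter
}

function BCWHScheckIRAppLogs {
    <#
    .SYNOPSIS
    Returns the newest entries from the Application event log.
    .PARAMETER Newest
    Number of most recent entries to return. Defaults to 500 (the original hard-coded value).
    #>
    param([int]$Newest = 500)
    Get-EventLog -LogName "Application" -Newest $Newest |
        Select-Object MachineName, TimeGenerated, EntryType, Source, Message
}

function BCWHScheckIRServices {
    <#
    .SYNOPSIS
    Lists every service with its display name, state and start type.
    #>
    Get-Service | Select-Object Name, DisplayName, Status, StartType
}

function BCWHScheckIRNetwork {
    <#
    .SYNOPSIS
    Lists current TCP connections and listeners.
    .NOTES
    OwningProcess is included in addition to the original columns so a
    suspicious remote address can be tied back to a PID from BCWHScheckIRProcess.
    #>
    Get-NetTCPConnection |
        Select-Object CreationTime, LocalAddress, LocalPort, RemoteAddress, RemotePort, State, OwningProcess
}

function BCWHScheckIRTasks {
    <#
    .SYNOPSIS
    Lists all registered scheduled tasks (a common persistence location).
    #>
    Get-ScheduledTask
}

function BCWHScheckIRListUsers {
    <#
    .SYNOPSIS
    Lists members of the local Administrators group.
    .NOTES
    Despite the name, this enumerates the Administrators group only, not all local users.
    #>
    Get-LocalGroupMember -Group Administrators
}

function BCWHScheckIRUsers {
    <#
    .SYNOPSIS
    Returns the Win32_ComputerSystem instance (host name, domain, currently logged-on UserName).
    .NOTES
    The original had a mis-encoded dash before ClassName, which made the call fail to parse.
    #>
    Get-CimInstance -ClassName Win32_ComputerSystem
}

function BCWHScheckIRSoftware {
    <#
    .SYNOPSIS
    Lists MSI installation events (MsiInstaller event ID 1033) with time and message.
    #>
    Get-WinEvent -ProviderName msiinstaller |
        Where-Object Id -eq 1033 |
        Select-Object TimeCreated, Message |
        Format-List *
}

function BCWHScheckIRBLStatus {
    <#
    .SYNOPSIS
    Shows BitLocker status for all volumes via manage-bde (requires elevation).
    #>
    manage-bde -status
}

function BCWHScheckIRBLVolume {
    <#
    .SYNOPSIS
    Returns BitLocker volume objects via the BitLocker module.
    #>
    Get-BitLockerVolume
}

function BCWHScheckIRSecurityLogs {
    <#
    .SYNOPSIS
    Returns the newest entries from the Security event log (reading it requires administrative rights).
    .PARAMETER Newest
    Number of most recent entries to return. Defaults to 500 (the original hard-coded value).
    #>
    param([int]$Newest = 500)
    Get-EventLog -LogName "Security" -Newest $Newest |
        Select-Object MachineName, TimeGenerated, EntryType, Source, Message
}

function BCWHScheckIRSystemLogs {
    <#
    .SYNOPSIS
    Returns the newest entries from the System event log.
    .PARAMETER Newest
    Number of most recent entries to return. Defaults to 500 (the original hard-coded value).
    #>
    param([int]$Newest = 500)
    Get-EventLog -LogName "System" -Newest $Newest |
        Select-Object MachineName, TimeGenerated, EntryType, Source, Message
}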