BCWHSendpointIR.psm1


<#PSScriptInfo
 
.VERSION 1.3
 
.GUID 0b8519aa-b3da-46a5-8f6b-3f54caf9abd9
 
.AUTHOR WadeBach22
 
.COMPANYNAME
 
.COPYRIGHT
 
.TAGS
 
.LICENSEURI
 
.PROJECTURI
 
.ICONURI
 
.EXTERNALMODULEDEPENDENCIES
 
.REQUIREDSCRIPTS
 
.EXTERNALSCRIPTDEPENDENCIES
 
.RELEASENOTES
Black Cat White Hat Security presents Microsoft Windows Endpoint Security Incident Response. Please view our website for more detailed information.
 
#>


<#
 
.DESCRIPTION
 Black Cat White Hat Security presents Microsoft Windows Endpoint Security Incident Response. Please view our website for more detailed information.
 
#>
 
# Module-level parameter block: the module accepts no arguments when imported.
Param()


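function Get-BCWHSIRProcess {
  <#
  .SYNOPSIS
    Lists running processes, largest working set first.
  .DESCRIPTION
    Wraps Get-Process and sorts by the WS (working set, in bytes) property in
    descending order so memory-heavy processes surface at the top of the list.
    Only process objects are written to the output stream, so the result can
    be piped to Export-Csv, ConvertTo-Json, Out-GridView, etc. without a stray
    banner string in the data.
  .OUTPUTS
    System.Diagnostics.Process
  #>
  [CmdletBinding()]
  param()

  Get-Process | Sort-Object -Property WS -Descending

  # The banner is informational only; send it to the host stream rather than
  # the pipeline so captured/exported results contain nothing but data.
  Write-Host 'Thank you for using BCWHSendpointIR Module. Please run Invoke-BCWHSIRInfo to view more information.'
}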

function Get-BCWHSIRCounter {
  <#
  .SYNOPSIS
    Takes one sample of the default performance counter set.
  .DESCRIPTION
    Calls Get-Counter with no arguments, which samples the built-in default
    set of system counters once. The sample set objects are returned as-is;
    no banner is written by this function.
  .OUTPUTS
    Microsoft.PowerShell.Commands.GetCounter.PerformanceCounterSampleSet
  #>
  Get-Counter
}

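function Get-BCWHSIRAppLogs {
  <#
  .SYNOPSIS
    Returns the most recent entries of the Application event log.
  .DESCRIPTION
    Reads the classic "Application" log with Get-EventLog and projects the
    fields most useful for triage. Note that Get-EventLog exists only in
    Windows PowerShell (5.1 and earlier); on PowerShell 7 use Get-WinEvent.
  .PARAMETER Newest
    Number of most-recent entries to return. Defaults to 500, the value the
    module originally hard-coded.
  .OUTPUTS
    Selected.System.Diagnostics.EventLogEntry
  #>
  [CmdletBinding()]
  param(
    [ValidateRange(1, [int]::MaxValue)]
    [int]$Newest = 500
  )

  Get-EventLog -LogName 'Application' -Newest $Newest |
    Select-Object -Property MachineName, TimeGenerated, EntryType, Source, Message

  # Banner goes to the host stream so the pipeline carries only log entries.
  Write-Host 'Thank you for using BCWHSendpointIR Module. Please run Invoke-BCWHSIRInfo to view more information.'
}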

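function Get-BCWHSIRServices {
  <#
  .SYNOPSIS
    Lists all services with their current status and start type.
  .DESCRIPTION
    Wraps Get-Service and projects Name, DisplayName, Status and StartType.
    StartType is populated on PowerShell 5 and later; on older hosts the
    column may be empty. Only the projected objects are written to the output
    stream, so the result can be exported or filtered further.
  .OUTPUTS
    Selected.System.ServiceProcess.ServiceController
  #>
  [CmdletBinding()]
  param()

  Get-Service | Select-Object -Property Name, DisplayName, Status, StartType

  # Banner goes to the host stream, not the pipeline.
  Write-Host 'Thank you for using BCWHSendpointIR Module. Please run Invoke-BCWHSIRInfo to view more information.'
}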

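function Get-BCWHSIRNetwork {
  <#
  .SYNOPSIS
    Lists current TCP connections with their endpoints and owning process.
  .DESCRIPTION
    Wraps Get-NetTCPConnection. In addition to the creation time and the
    local/remote endpoints, State and OwningProcess are projected so that a
    suspicious connection can be tied to a process ID (Get-Process -Id) and
    listening sockets can be told apart from established ones. Only the
    projected objects are written to the output stream.
  .OUTPUTS
    Selected.Microsoft.Management.Infrastructure.CimInstance (MSFT_NetTCPConnection)
  #>
  [CmdletBinding()]
  param()

  Get-NetTCPConnection |
    Select-Object -Property CreationTime, LocalAddress, LocalPort,
                            RemoteAddress, RemotePort, State, OwningProcess

  # Banner goes to the host stream, not the pipeline.
  Write-Host 'Thank you for using BCWHSendpointIR Module. Please run Invoke-BCWHSIRInfo to view more information.'
}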

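function Get-BCWHSIRTasks {
  <#
  .SYNOPSIS
    Lists all registered scheduled tasks.
  .DESCRIPTION
    Wraps Get-ScheduledTask (ScheduledTasks module). The task objects are
    returned unmodified; pipe to Get-ScheduledTaskInfo or inspect the
    .Actions property to see what each task runs. Only task objects are
    written to the output stream.
  .OUTPUTS
    Microsoft.Management.Infrastructure.CimInstance (MSFT_ScheduledTask)
  #>
  [CmdletBinding()]
  param()

  Get-ScheduledTask

  # Banner goes to the host stream, not the pipeline.
  Write-Host 'Thank you for using BCWHSendpointIR Module. Please run Invoke-BCWHSIRInfo to view more information.'
}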

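function Get-BCWHSIRListUsers {
  <#
  .SYNOPSIS
    Lists the members of the local Administrators group.
  .DESCRIPTION
    Despite the name, this does not list all users: it returns the members
    of BUILTIN\Administrators. The group is addressed by its well-known SID
    (S-1-5-32-544) rather than the display name "Administrators", so the
    lookup also works on hosts where the group name is localized. Only the
    member objects are written to the output stream.
  .OUTPUTS
    Microsoft.PowerShell.Commands.LocalPrincipal
  #>
  [CmdletBinding()]
  param()

  Get-LocalGroupMember -SID 'S-1-5-32-544'

  # Banner goes to the host stream, not the pipeline.
  Write-Host 'Thank you for using BCWHSendpointIR Module. Please run Invoke-BCWHSIRInfo to view more information.'
}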

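function Get-BCWHSIRUsers {
  <#
  .SYNOPSIS
    Returns the Win32_ComputerSystem instance for this host.
  .DESCRIPTION
    Queries CIM for Win32_ComputerSystem, whose properties include the host
    name, domain/workgroup and the UserName of the interactively logged-on
    user. The original call used a mis-encoded dash before ClassName, which
    PowerShell treated as a positional argument and rejected; the parameter
    is now passed correctly. Only the CIM instance is written to the output
    stream.
  .OUTPUTS
    Microsoft.Management.Infrastructure.CimInstance (Win32_ComputerSystem)
  #>
  [CmdletBinding()]
  param()

  Get-CimInstance -ClassName Win32_ComputerSystem

  # Banner goes to the host stream, not the pipeline.
  Write-Host 'Thank you for using BCWHSendpointIR Module. Please run Invoke-BCWHSIRInfo to view more information.'
}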

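function Get-BCWHSIRSoftware {
  <#
  .SYNOPSIS
    Lists software installations recorded by the Windows Installer.
  .DESCRIPTION
    Returns MsiInstaller event ID 1033 entries ("Windows Installer installed
    the product ...") from the Application log, projected to TimeCreated and
    Message. The filter is applied server-side via -FilterHashtable instead
    of pulling every MsiInstaller event and filtering in the pipeline. Data
    objects (not Format-List output) are returned, so the result can be
    exported or filtered; pipe to Format-List to read the full message text.
  .OUTPUTS
    Selected.System.Diagnostics.Eventing.Reader.EventLogRecord
  #>
  [CmdletBinding()]
  param()

  Get-WinEvent -FilterHashtable @{ ProviderName = 'MsiInstaller'; Id = 1033 } |
    Select-Object -Property TimeCreated, Message

  # Banner goes to the host stream, not the pipeline.
  Write-Host 'Thank you for using BCWHSendpointIR Module. Please run Invoke-BCWHSIRInfo to view more information.'
}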

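function Get-BCWHSIRBLStatus {
  <#
  .SYNOPSIS
    Shows BitLocker status for all volumes via manage-bde.
  .DESCRIPTION
    Runs the manage-bde.exe command-line tool with -status. Its output is
    plain (localized) text; for objects use Get-BCWHSIRBLVolume instead.
    manage-bde generally requires an elevated session. Only the tool's own
    output lines are written to the output stream.
  .OUTPUTS
    System.String (raw manage-bde output)
  #>
  [CmdletBinding()]
  param()

  & manage-bde.exe -status

  # Banner goes to the host stream so captured output is only manage-bde text.
  Write-Host 'Thank you for using BCWHSendpointIR Module. Please run Invoke-BCWHSIRInfo to view more information.'
}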

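function Get-BCWHSIRBLVolume {
  <#
  .SYNOPSIS
    Returns BitLocker volume objects for all volumes.
  .DESCRIPTION
    Wraps Get-BitLockerVolume (BitLocker module), which generally requires
    an elevated session. The volume objects are returned unmodified; only
    they are written to the output stream.
  .OUTPUTS
    Microsoft.BitLocker.Structures.BitLockerVolume
  #>
  [CmdletBinding()]
  param()

  Get-BitLockerVolume

  # Banner goes to the host stream, not the pipeline.
  Write-Host 'Thank you for using BCWHSendpointIR Module. Please run Invoke-BCWHSIRInfo to view more information.'
}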

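function Get-BCWHSIRSecurityLogs {
  <#
  .SYNOPSIS
    Returns the most recent entries of the Security event log.
  .DESCRIPTION
    Reads the classic "Security" log with Get-EventLog and projects the
    fields most useful for triage. Reading the Security log requires an
    elevated session. Get-EventLog exists only in Windows PowerShell (5.1 and
    earlier); on PowerShell 7 use Get-WinEvent.
  .PARAMETER Newest
    Number of most-recent entries to return. Defaults to 500, the value the
    module originally hard-coded.
  .OUTPUTS
    Selected.System.Diagnostics.EventLogEntry
  #>
  [CmdletBinding()]
  param(
    [ValidateRange(1, [int]::MaxValue)]
    [int]$Newest = 500
  )

  Get-EventLog -LogName 'Security' -Newest $Newest |
    Select-Object -Property MachineName, TimeGenerated, EntryType, Source, Message

  # Banner goes to the host stream so the pipeline carries only log entries.
  Write-Host 'Thank you for using BCWHSendpointIR Module. Please run Invoke-BCWHSIRInfo to view more information.'
}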

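function Get-BCWHSIRSystemLogs {
  <#
  .SYNOPSIS
    Returns the most recent entries of the System event log.
  .DESCRIPTION
    Reads the classic "System" log with Get-EventLog and projects the fields
    most useful for triage. Get-EventLog exists only in Windows PowerShell
    (5.1 and earlier); on PowerShell 7 use Get-WinEvent.
  .PARAMETER Newest
    Number of most-recent entries to return. Defaults to 500, the value the
    module originally hard-coded.
  .OUTPUTS
    Selected.System.Diagnostics.EventLogEntry
  #>
  [CmdletBinding()]
  param(
    [ValidateRange(1, [int]::MaxValue)]
    [int]$Newest = 500
  )

  Get-EventLog -LogName 'System' -Newest $Newest |
    Select-Object -Property MachineName, TimeGenerated, EntryType, Source, Message

  # Banner goes to the host stream so the pipeline carries only log entries.
  Write-Host 'Thank you for using BCWHSendpointIR Module. Please run Invoke-BCWHSIRInfo to view more information.'
}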

function Invoke-BCWHSIRInfo {
  <#
  .SYNOPSIS
    Opens the project information page in Microsoft Edge.
  .DESCRIPTION
    Launches msedge.exe with the project URL as its argument, then writes a
    confirmation line to the output stream. Note that this starts a browser
    on the host the module is being run on; during an investigation it is
    usually preferable to read the page from the analyst workstation instead.
  .OUTPUTS
    System.String (confirmation message)
  #>
  $projectUrl = 'https://blackcatwhitehatsecurity.com/endpoint.cfm#psIR'

  Start-Process -FilePath 'msedge.exe' -ArgumentList $projectUrl
  Write-Output 'Project Information website has been launched.'
}