Microsoft Windows Remote Management (WinRM)
ThreatConnect can integrate with Microsoft Active Directory, taking advantage of Windows Remote Management and Powershell scripts. This allows the user to take a more incident response-focused approach to gather user information, running processes and other telemetry from the Windows workstation and server platforms. Other Microsoft use cases for incident response include user attribution along with Windows machine name resolution. The Phishing Use Case also works with O365 and ThreatConnect can pull user information from Azure Active Directory using Microsoft’s API.
This app can be found in the ThreatConnect App Catalog under the name: Microsoft Windows Remote Management (WinRM).