ThreatConnect Marketplace
  • Apps
  • Playbooks
  • Apps
  • Playbooks
Home » Apps Overview » Microsoft Windows Remote Management (WinRM)
Back to Apps

Categories:
  • Endpoint Detection and Response
Built by

ThreatConnect

Microsoft Windows Remote Management (WinRM)

ThreatConnect can integrate with Microsoft Active Directory, taking advantage of Windows Remote Management and Powershell scripts. This allows the user to take a more incident response-focused approach to gather user information, running processes and other telemetry from the Windows workstation and server platforms. Other Microsoft use cases for incident response include user attribution along with Windows machine name resolution. The Phishing Use Case also works with O365 and ThreatConnect can pull user information from Azure Active Directory using Microsoft’s API.

This app can be found in the ThreatConnect App Catalog under the name: Microsoft Windows Remote Management (WinRM).

Related Apps

Cybereason
Endpoint Detection and Response

With the Cybereason  integration, customers  have the ability to query both types of malops, isolate suspicious activities,...

SentinelOne
Endpoint Detection and Response

With the SentinelOne integration, users  have the ability to interact with agents, threats, hashes, exclusions and blocklist...

CarbonBlack Playbook
Endpoint Detection and Response

This Playbook template will allow you to deploy a Yara rule to Carbon Black's Yara Manager.

Developers

  • Knowledge Base
  • Training Site

Company

  • ThreatConnect
  • Contact Us
  • Blog
  • Twitter
  • Facebook
  • Linkedin
© Copyright - ThreatConnect Marketplace
Scroll to top