Microsoft Windows Remote Management (WinRM)

ThreatConnect can integrate with Microsoft Active Directory, taking advantage of Windows Remote Management and Powershell scripts. This allows the user to take a more incident response-focused approach to gather user information, running processes and other telemetry from the Windows workstation and server platforms. Other Microsoft use cases for incident response include user attribution along with Windows machine name resolution. The Phishing Use Case also works with O365 and ThreatConnect can pull user information from Azure Active Directory using Microsoft’s API.

This app can be found in the ThreatConnect App Catalog under the name: Microsoft Windows Remote Management (WinRM).

Categories:

ThreatConnect

Microsoft Windows Remote Management (WinRM)

Developers

Company

Categories:

ThreatConnect

Microsoft Windows Remote Management (WinRM)

Related Apps

Cybereason

Endpoint Detection and Response

SentinelOne

Endpoint Detection and Response

CarbonBlack Playbook

Endpoint Detection and Response

Developers

Company