soar
Windows Remote Management
Splunk SOAR Cloud
Splunk Built
Overview
This app integrates with the Windows Remote Management service to execute various actions
Supported Actions Version 2.2.4
- test connectivity: Validate the asset configuration for connectivity using supplied configuration
- run command: Execute a command on the endpoint
- run script: Run a PowerShell script on the endpoint
- list processes: List the currently running processes
- terminate process: Terminate a process
- list connections: List all active connections
- list firewall rules: List the firewall rules
- delete firewall rule: Remove a firewall rule using netsh
- block ip: Create a firewall rule to block a specified IP
- add firewall rule: Add a firewall rule using netsh
- logoff user: Logoff a user
- list sessions: List all active sessions
- deactivate partition: Deactivate a partition
- activate partition: Activate a partition
- shutdown system: Shutdown a system
- restart system: Restart a system
- list policies: List AppLocker Policies
- block file path: Create a new AppLocker policy to block a file path
- delete policy: Delete an AppLocker policy
- get file: Copy a file from the Windows Endpoint to the Vault
- upload file: Copy a file from the vault to the Windows Endpoint
- copy file: Run the copy command on the Windows Endpoint
- delete file: Run the delete command on the Windows Endpoint
Supported Actions Version 2.2.3
- test connectivity: Validate the asset configuration for connectivity using supplied configuration
- run command: Execute a command on the endpoint
- run script: Run a PowerShell script on the endpoint
- list processes: List the currently running processes
- terminate process: Terminate a process
- list connections: List all active connections
- list firewall rules: List the firewall rules
- delete firewall rule: Remove a firewall rule using netsh
- block ip: Create a firewall rule to block a specified IP
- add firewall rule: Add a firewall rule using netsh
- logoff user: Logoff a user
- list sessions: List all active sessions
- deactivate partition: Deactivate a partition
- activate partition: Activate a partition
- shutdown system: Shutdown a system
- restart system: Restart a system
- list policies: List AppLocker Policies
- block file path: Create a new AppLocker policy to block a file path
- delete policy: Delete an AppLocker policy
- get file: Copy a file from the Windows Endpoint to the Vault
- upload file: Copy a file from the vault to the Windows Endpoint
- copy file: Run the copy command on the Windows Endpoint
- delete file: Run the delete command on the Windows Endpoint
Supported Actions Version 2.1.0
- test connectivity: Validate the asset configuration for connectivity using supplied configuration
- run command: Execute a command on the endpoint
- run script: Run a PowerShell script on the endpoint
- list processes: List the currently running processes
- terminate process: Terminate a process
- list connections: List all active connections
- list firewall rules: List the firewall rules
- delete firewall rule: Remove a firewall rule using netsh
- block ip: Create a firewall rule to block a specified IP
- add firewall rule: Add a firewall rule using netsh
- logoff user: Logoff a user
- list sessions: List all active sessions
- deactivate partition: Deactivate a partition
- activate partition: Activate a partition
- shutdown system: Shutdown a system
- restart system: Restart a system
- list policies: List AppLocker Policies
- block file path: Create a new AppLocker policy to block a file path
- delete policy: Delete an AppLocker policy
- get file: Copy a file from the Windows Endpoint to the Vault
- upload file: Copy a file from the vault to the Windows Endpoint
- copy file: Run the copy command on the Windows Endpoint
- delete file: Run the delete command on the Windows Endpoint
Supported Actions Version 2.0.1
- test connectivity: Validate the asset configuration for connectivity using supplied configuration
- run command: Execute a command on the endpoint
- run script: Run a PowerShell script on the endpoint
- list processes: List the currently running processes
- terminate process: Terminate a process
- list connections: List all active connections
- list firewall rules: List the firewall rules
- delete firewall rule: Remove a firewall rule using netsh
- block ip: Create a firewall rule to block a specified IP
- add firewall rule: Add a firewall rule using netsh
- logoff user: Logoff a user
- list sessions: List all active sessions
- deactivate partition: Deactivate a partition
- activate partition: Activate a partition
- shutdown system: Shutdown a system
- restart system: Restart a system
- list policies: List AppLocker Policies
- block file path: Create a new AppLocker policy to block a file path
- delete policy: Delete an AppLocker policy
- get file: Copy a file from the Windows Endpoint to the Vault
- upload file: Copy a file from the vault to the Windows Endpoint
- copy file: Run the copy command on the Windows Endpoint
- delete file: Run the delete command on the Windows Endpoint
Release Notes
Version 2.2.4
March 9, 2022
- Changed the hashing algorithm to SHA256 when running in FIPS mode [PAPP-21569]
Version 2.2.3
Feb. 11, 2022
- Removed 'pyc' files from the app tarball [PAPP-23403]
- Added support for Python 3.9
Version 2.1.0
Oct. 1, 2021
Windows Remote Management Release Notes - Published by Splunk October 1, 2021
Version 2.1.0 - Released October 1, 2021
- Updated custom parser example to add_data if a non-zero status is returned [PAPP-19609]
Version 2.0.1
Sept. 21, 2021
Windows Remote Management Release Notes - Published by Splunk April 23, 2021
Version 2.0.1 - Released April 23, 2021
- Updated the 'list processes' action to accommodate Windows 10 with more flexible code, and parsed raw output dictionary into the action_result data
- Upgraded the 'ntlm_auth' wheel file to 1.5.0