icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

We are working on something new...

A Fresh New Splunkbase
We are designing a New Splunkbase to improve search and discoverability of apps. Check out our new and improved features like Categories and Collections. New Splunkbase is currently in preview mode, as it is under active development. We welcome you to navigate New Splunkbase and give us feedback.
Log4Shell Vulnerability: Information and guidance for you. Get resources.

Accept License Agreements

Thank You

Downloading Windows Remote Management
SHA256 checksum (windows-remote-management_224.tgz) c19c3522ea2d934e88586da874981858bd6ac57359fd3c08e4f9182f2f79d7ff SHA256 checksum (windows-remote-management_223.tgz) bacf1cd3e6c23ec1be68e6ad8b9ea1ade8e8827326fa8cd99035cb5acd3b9cd4 SHA256 checksum (windows-remote-management_210.tgz) bd0fea000b769ed4424e572ba4dfbbef252e110d0995eab3eaebfb56d94cf994 SHA256 checksum (windows-remote-management_201.tgz) 6eb2f4c8ae6e6866be7ff57878d32a78abcf1bde02b79180d3e5f571f57d001a

Flag As Inappropriate

soar

Windows Remote Management

Splunk SOAR Cloud
Splunk Built
Overview
This app integrates with the Windows Remote Management service to execute various actions

Supported Actions Version 2.2.4

  • test connectivity: Validate the asset configuration for connectivity using supplied configuration
  • run command: Execute a command on the endpoint
  • run script: Run a PowerShell script on the endpoint
  • list processes: List the currently running processes
  • terminate process: Terminate a process
  • list connections: List all active connections
  • list firewall rules: List the firewall rules
  • delete firewall rule: Remove a firewall rule using netsh
  • block ip: Create a firewall rule to block a specified IP
  • add firewall rule: Add a firewall rule using netsh
  • logoff user: Logoff a user
  • list sessions: List all active sessions
  • deactivate partition: Deactivate a partition
  • activate partition: Activate a partition
  • shutdown system: Shutdown a system
  • restart system: Restart a system
  • list policies: List AppLocker Policies
  • block file path: Create a new AppLocker policy to block a file path
  • delete policy: Delete an AppLocker policy
  • get file: Copy a file from the Windows Endpoint to the Vault
  • upload file: Copy a file from the vault to the Windows Endpoint
  • copy file: Run the copy command on the Windows Endpoint
  • delete file: Run the delete command on the Windows Endpoint

Supported Actions Version 2.2.3

  • test connectivity: Validate the asset configuration for connectivity using supplied configuration
  • run command: Execute a command on the endpoint
  • run script: Run a PowerShell script on the endpoint
  • list processes: List the currently running processes
  • terminate process: Terminate a process
  • list connections: List all active connections
  • list firewall rules: List the firewall rules
  • delete firewall rule: Remove a firewall rule using netsh
  • block ip: Create a firewall rule to block a specified IP
  • add firewall rule: Add a firewall rule using netsh
  • logoff user: Logoff a user
  • list sessions: List all active sessions
  • deactivate partition: Deactivate a partition
  • activate partition: Activate a partition
  • shutdown system: Shutdown a system
  • restart system: Restart a system
  • list policies: List AppLocker Policies
  • block file path: Create a new AppLocker policy to block a file path
  • delete policy: Delete an AppLocker policy
  • get file: Copy a file from the Windows Endpoint to the Vault
  • upload file: Copy a file from the vault to the Windows Endpoint
  • copy file: Run the copy command on the Windows Endpoint
  • delete file: Run the delete command on the Windows Endpoint

Supported Actions Version 2.1.0

  • test connectivity: Validate the asset configuration for connectivity using supplied configuration
  • run command: Execute a command on the endpoint
  • run script: Run a PowerShell script on the endpoint
  • list processes: List the currently running processes
  • terminate process: Terminate a process
  • list connections: List all active connections
  • list firewall rules: List the firewall rules
  • delete firewall rule: Remove a firewall rule using netsh
  • block ip: Create a firewall rule to block a specified IP
  • add firewall rule: Add a firewall rule using netsh
  • logoff user: Logoff a user
  • list sessions: List all active sessions
  • deactivate partition: Deactivate a partition
  • activate partition: Activate a partition
  • shutdown system: Shutdown a system
  • restart system: Restart a system
  • list policies: List AppLocker Policies
  • block file path: Create a new AppLocker policy to block a file path
  • delete policy: Delete an AppLocker policy
  • get file: Copy a file from the Windows Endpoint to the Vault
  • upload file: Copy a file from the vault to the Windows Endpoint
  • copy file: Run the copy command on the Windows Endpoint
  • delete file: Run the delete command on the Windows Endpoint

Supported Actions Version 2.0.1

  • test connectivity: Validate the asset configuration for connectivity using supplied configuration
  • run command: Execute a command on the endpoint
  • run script: Run a PowerShell script on the endpoint
  • list processes: List the currently running processes
  • terminate process: Terminate a process
  • list connections: List all active connections
  • list firewall rules: List the firewall rules
  • delete firewall rule: Remove a firewall rule using netsh
  • block ip: Create a firewall rule to block a specified IP
  • add firewall rule: Add a firewall rule using netsh
  • logoff user: Logoff a user
  • list sessions: List all active sessions
  • deactivate partition: Deactivate a partition
  • activate partition: Activate a partition
  • shutdown system: Shutdown a system
  • restart system: Restart a system
  • list policies: List AppLocker Policies
  • block file path: Create a new AppLocker policy to block a file path
  • delete policy: Delete an AppLocker policy
  • get file: Copy a file from the Windows Endpoint to the Vault
  • upload file: Copy a file from the vault to the Windows Endpoint
  • copy file: Run the copy command on the Windows Endpoint
  • delete file: Run the delete command on the Windows Endpoint

Release Notes

Version 2.2.4
March 9, 2022
  • Changed the hashing algorithm to SHA256 when running in FIPS mode [PAPP-21569]
Version 2.2.3
Feb. 11, 2022
  • Removed 'pyc' files from the app tarball [PAPP-23403]
  • Added support for Python 3.9
Version 2.1.0
Oct. 1, 2021

Windows Remote Management Release Notes - Published by Splunk October 1, 2021

Version 2.1.0 - Released October 1, 2021

  • Updated custom parser example to add_data if a non-zero status is returned [PAPP-19609]
Version 2.0.1
Sept. 21, 2021

Windows Remote Management Release Notes - Published by Splunk April 23, 2021

Version 2.0.1 - Released April 23, 2021

  • Updated the 'list processes' action to accommodate Windows 10 with more flexible code, and parsed raw output dictionary into the action_result data
  • Upgraded the 'ntlm_auth' wheel file to 1.5.0

Subscribe Share

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
Splunk, Splunk>,Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or registered trademarks of Splunk Inc. in the United States and other countries. All other brand names,product names,or trademarks belong to their respective owners.