├── .gitignore ├── Analysis ├── Analysis.conf ├── Deserialize-KansaField.ps1 ├── Get-LogparserStack.ps1 ├── Net │ ├── Get-ARPStack.ps1 │ ├── Get-DNSCacheStack.ps1 │ ├── Get-NetstatByProtoForeignIpStateComponentProcessStack.ps1 │ ├── Get-NetstatDistinctLocal16IPv4.ps1 │ ├── Get-NetstatDistinctLocal24.ps1 │ ├── Get-NetstatForeign16sStack.ps1 │ ├── Get-NetstatForeign24sStack.ps1 │ ├── Get-NetstatForeignIpPortProcesStack.ps1 │ ├── Get-NetstatForeignIpProcess.ps1 │ ├── Get-NetstatListenerStack.ps1 │ └── Get-NetstatStack.ps1 ├── Resolve-WindowsGUID.ps1 ├── asep │ ├── Get-ASEPImagePathLaunchStringMD5UnsignedStack.ps1 │ ├── Get-ASEPImagePathLaunchStringMD5UnsignedTimeStack.ps1 │ ├── Get-ASEPImagePathLaunchStringPublisherStack.ps1 │ ├── Get-ASEPImagePathLaunchStringStack.ps1 │ ├── Get-ASEPImagePathLaunchStringUnsignedStack.ps1 │ ├── Get-PersistenceFilesAndRegistryKeysStack.ps1 │ ├── Get-SchedTasksAllStack.ps1 │ ├── Get-SvcAllRunningAuto.ps1 │ ├── Get-SvcAllStack.ps1 │ ├── Get-SvcFailAllStack.ps1 │ ├── Get-SvcFailCmdLineStack.ps1 │ ├── Get-SvcFailStack.ps1 │ ├── Get-SvcStartNameStack.ps1 │ └── Get-SvcTrigStack.ps1 ├── config │ ├── Get-AMHealthStatusStack.ps1 │ ├── Get-AMInfectionStatus.ps1 │ └── Get-LocalAdminStack.ps1 ├── disk │ ├── Decompress-KansaOutputFile.ps1 │ ├── Get-WebrootListingEntropyOutliers.ps1 │ └── Write-StreamToDisk.ps1 ├── log │ ├── Get-LogUserAssistValueByDate.ps1 │ └── Get-LogUserAssistValueStack.ps1 ├── meta │ ├── Get-AllFileLengths.ps1 │ └── Get-FileLengths.ps1 └── process │ ├── Get-HandleProcessOwnerStack.ps1 │ ├── Get-PrefetchListingLastWriteTime.ps1 │ ├── Get-PrefetchListingStack.ps1 │ ├── Get-ProcsWMICLIMD5Stack.ps1 │ ├── Get-ProcsWMICmdlineStack.ps1 │ ├── Get-ProcsWMIPath.ps1 │ ├── Get-ProcsWMIProcessNameStack.ps1 │ ├── Get-ProcsWMISortByCreationDate.ps1 │ ├── Get-ProcsWMITempExePath.ps1 │ └── Get-ProxSystemStartTime.ps1 ├── CODE_OF_CONDUCT.md ├── DistributedKansa.ps1 ├── Get-Targets.ps1 ├── LICENSE ├── MSLimitedPublicLicense.txt ├── Modules ├── .gitignore ├── ASEP │ ├── Get-Autorunsc.ps1 │ ├── Get-AutorunscDeep.ps1 │ ├── Get-ImagePathExecutionOptions.ps1 │ ├── Get-PSProfiles.ps1 │ ├── Get-PersistenceFilesAndRegistryKeys.ps1 │ ├── Get-SchedTasks.ps1 │ ├── Get-SchedTasksAll.ps1 │ ├── Get-SigCheckRandomPath.ps1 │ ├── Get-Sigcheck.ps1 │ ├── Get-SvcAll.ps1 │ ├── Get-SvcFail.ps1 │ ├── Get-SvcTrigs.ps1 │ ├── Get-WMIEvtConsumer.ps1 │ ├── Get-WMIEvtFilter.ps1 │ └── Get-WMIFltConBind.ps1 ├── Config │ ├── Get-AMHealthStatus.ps1 │ ├── Get-AMInfectionStatus.ps1 │ ├── Get-CertStore.ps1 │ ├── Get-ClrVersion.ps1 │ ├── Get-GPResult.ps1 │ ├── Get-Hotfix.ps1 │ ├── Get-IIS.ps1 │ ├── Get-LocalAdmins.ps1 │ ├── Get-LocalUsers.ps1 │ ├── Get-PSDotNetVersion.ps1 │ ├── Get-Products.ps1 │ ├── Get-RegKey.ps1 │ ├── Get-SharePermissions.ps1 │ └── Get-SmbShare.ps1 ├── Disk │ ├── Get-DiskUsage.ps1 │ ├── Get-File.ps1 │ ├── Get-FileHashes.ps1 │ ├── Get-FilesByHash.ps1 │ ├── Get-FilesByHashes.ps1 │ ├── Get-FlsBodyfile.ps1 │ ├── Get-IOCsByPath.ps1 │ ├── Get-MasterFileTable.ps1 │ ├── Get-Recent.ps1 │ ├── Get-TempDirListing.ps1 │ └── Get-WebrootListing.ps1 ├── FireForget │ ├── FFdevTemplate.ps1 │ ├── FFwrapper.ps1 │ ├── Get-ADSFF.ps1 │ ├── Get-AbortCleanKansaServersFF.ps1 │ ├── Get-AgentPresenceFF.ps1 │ ├── Get-AuditPolFF.ps1 │ ├── Get-AutorunsFF.ps1 │ ├── Get-CertificateStoreFF.ps1 │ ├── Get-ChromeExtensionsFF.ps1 │ ├── Get-DDEFilesFF.ps1 │ ├── Get-DriverFilterTableFF.ps1 │ ├── Get-EmoCheckFF.ps1 │ ├── Get-GPScriptConfigFF.ps1 │ ├── Get-IPRouteFF.ps1 │ ├── Get-ImageExecutionGlobalFlagFF.ps1 │ ├── Get-KansaDLauncherFF.ps1 │ ├── Get-KernelDriversFF.ps1 │ ├── Get-LargeRegKeysFF.ps1 │ ├── Get-LocalUsersFF.ps1 │ ├── Get-MBRHashFF.ps1 │ ├── Get-MSOfficeXMLFF.ps1 │ ├── Get-NecromancerFF.ps1 │ ├── Get-NetshHelpersFF.ps1 │ ├── Get-NetstatFF.ps1 │ ├── Get-PSHistoryFF.ps1 │ ├── Get-PowershellVersionFF.ps1 │ ├── Get-PowershmancerFF.ps1 │ ├── Get-PrintMonitorsFF.ps1 │ ├── Get-RDPInfoFF.ps1 │ ├── Get-RunningProcessesAndModulesFF.ps1 │ ├── Get-SQLDBFF.ps1 │ ├── Get-SchTasksFF.ps1 │ ├── Get-SecurityPackagesFF.ps1 │ ├── Get-StartupFilesFF.ps1 │ ├── Get-SysmonInstallFF.ps1 │ ├── Get-TasklistFF.ps1 │ ├── Get-WDigestFF.ps1 │ ├── Get-WMIScriptsFF.ps1 │ ├── Get-WSLInstallFF.ps1 │ └── Get-WinlogbeatUpdateFF.ps1 ├── IOC │ └── Get-Loki.ps1 ├── Log │ ├── Get-AppCompatCache.ps1 │ ├── Get-LogCBS.ps1 │ ├── Get-LogOpenSavePidlMRU.ps1 │ ├── Get-LogUserAssist.ps1 │ ├── Get-LogWinEvent.ps1 │ ├── Get-OfficeMRU.ps1 │ ├── Get-OfficeTrustedRecords.ps1 │ ├── Get-RdpConnectionLogs.ps1 │ ├── Get-SysmonNetwork.ps1 │ └── Get-SysmonProcess.ps1 ├── Memory │ └── Get-Memory.ps1 ├── Modules.conf ├── Net │ ├── Get-Arp.ps1 │ ├── Get-DNSCache.ps1 │ ├── Get-NetIPInterfaces.ps1 │ ├── Get-NetRoutes.ps1 │ ├── Get-Netstat.ps1 │ ├── Get-NetstatObject.ps1 │ ├── Get-SmbSession.ps1 │ └── Get-WMIIETelemetry.ps1 ├── Process │ ├── Get-Handle.ps1 │ ├── Get-InjectedThreads.ps1 │ ├── Get-PrefetchFiles.ps1 │ ├── Get-PrefetchListing.ps1 │ ├── Get-ProcDump.ps1 │ ├── Get-ProcessesUsingModules.ps1 │ ├── Get-ProcsNModules.ps1 │ ├── Get-ProcsWMI.ps1 │ ├── Get-Prox.ps1 │ ├── Get-RekalPslist.ps1 │ ├── Get-Tasklistv.ps1 │ └── Get-WMIRecentApps.ps1 ├── Registry │ └── Get-USBForensics.ps1 ├── bin │ └── .gitignore └── default-template.ps1 ├── Prepare-KansaServer.ps1 ├── README.md ├── Shared ├── ElkSender.ps1 └── Parsers.ps1 ├── contributing.md ├── kansa.ps1 ├── logging.conf_example └── logstash_parserFF.grok /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/.gitignore -------------------------------------------------------------------------------- /Analysis/Analysis.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/Analysis.conf -------------------------------------------------------------------------------- /Analysis/Deserialize-KansaField.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/Deserialize-KansaField.ps1 -------------------------------------------------------------------------------- /Analysis/Get-LogparserStack.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/Get-LogparserStack.ps1 -------------------------------------------------------------------------------- /Analysis/Net/Get-ARPStack.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/Net/Get-ARPStack.ps1 -------------------------------------------------------------------------------- /Analysis/Net/Get-DNSCacheStack.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/Net/Get-DNSCacheStack.ps1 -------------------------------------------------------------------------------- /Analysis/Net/Get-NetstatByProtoForeignIpStateComponentProcessStack.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/Net/Get-NetstatByProtoForeignIpStateComponentProcessStack.ps1 -------------------------------------------------------------------------------- /Analysis/Net/Get-NetstatDistinctLocal16IPv4.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/Net/Get-NetstatDistinctLocal16IPv4.ps1 -------------------------------------------------------------------------------- /Analysis/Net/Get-NetstatDistinctLocal24.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/Net/Get-NetstatDistinctLocal24.ps1 -------------------------------------------------------------------------------- /Analysis/Net/Get-NetstatForeign16sStack.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/Net/Get-NetstatForeign16sStack.ps1 -------------------------------------------------------------------------------- /Analysis/Net/Get-NetstatForeign24sStack.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/Net/Get-NetstatForeign24sStack.ps1 -------------------------------------------------------------------------------- /Analysis/Net/Get-NetstatForeignIpPortProcesStack.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/Net/Get-NetstatForeignIpPortProcesStack.ps1 -------------------------------------------------------------------------------- /Analysis/Net/Get-NetstatForeignIpProcess.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/Net/Get-NetstatForeignIpProcess.ps1 -------------------------------------------------------------------------------- /Analysis/Net/Get-NetstatListenerStack.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/Net/Get-NetstatListenerStack.ps1 -------------------------------------------------------------------------------- /Analysis/Net/Get-NetstatStack.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/Net/Get-NetstatStack.ps1 -------------------------------------------------------------------------------- /Analysis/Resolve-WindowsGUID.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/Resolve-WindowsGUID.ps1 -------------------------------------------------------------------------------- /Analysis/asep/Get-ASEPImagePathLaunchStringMD5UnsignedStack.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/asep/Get-ASEPImagePathLaunchStringMD5UnsignedStack.ps1 -------------------------------------------------------------------------------- /Analysis/asep/Get-ASEPImagePathLaunchStringMD5UnsignedTimeStack.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/asep/Get-ASEPImagePathLaunchStringMD5UnsignedTimeStack.ps1 -------------------------------------------------------------------------------- /Analysis/asep/Get-ASEPImagePathLaunchStringPublisherStack.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/asep/Get-ASEPImagePathLaunchStringPublisherStack.ps1 -------------------------------------------------------------------------------- /Analysis/asep/Get-ASEPImagePathLaunchStringStack.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/asep/Get-ASEPImagePathLaunchStringStack.ps1 -------------------------------------------------------------------------------- /Analysis/asep/Get-ASEPImagePathLaunchStringUnsignedStack.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/asep/Get-ASEPImagePathLaunchStringUnsignedStack.ps1 -------------------------------------------------------------------------------- /Analysis/asep/Get-PersistenceFilesAndRegistryKeysStack.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/asep/Get-PersistenceFilesAndRegistryKeysStack.ps1 -------------------------------------------------------------------------------- /Analysis/asep/Get-SchedTasksAllStack.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/asep/Get-SchedTasksAllStack.ps1 -------------------------------------------------------------------------------- /Analysis/asep/Get-SvcAllRunningAuto.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/asep/Get-SvcAllRunningAuto.ps1 -------------------------------------------------------------------------------- /Analysis/asep/Get-SvcAllStack.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/asep/Get-SvcAllStack.ps1 -------------------------------------------------------------------------------- /Analysis/asep/Get-SvcFailAllStack.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/asep/Get-SvcFailAllStack.ps1 -------------------------------------------------------------------------------- /Analysis/asep/Get-SvcFailCmdLineStack.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/asep/Get-SvcFailCmdLineStack.ps1 -------------------------------------------------------------------------------- /Analysis/asep/Get-SvcFailStack.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/asep/Get-SvcFailStack.ps1 -------------------------------------------------------------------------------- /Analysis/asep/Get-SvcStartNameStack.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/asep/Get-SvcStartNameStack.ps1 -------------------------------------------------------------------------------- /Analysis/asep/Get-SvcTrigStack.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/asep/Get-SvcTrigStack.ps1 -------------------------------------------------------------------------------- /Analysis/config/Get-AMHealthStatusStack.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/config/Get-AMHealthStatusStack.ps1 -------------------------------------------------------------------------------- /Analysis/config/Get-AMInfectionStatus.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/config/Get-AMInfectionStatus.ps1 -------------------------------------------------------------------------------- /Analysis/config/Get-LocalAdminStack.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/config/Get-LocalAdminStack.ps1 -------------------------------------------------------------------------------- /Analysis/disk/Decompress-KansaOutputFile.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/disk/Decompress-KansaOutputFile.ps1 -------------------------------------------------------------------------------- /Analysis/disk/Get-WebrootListingEntropyOutliers.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/disk/Get-WebrootListingEntropyOutliers.ps1 -------------------------------------------------------------------------------- /Analysis/disk/Write-StreamToDisk.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/disk/Write-StreamToDisk.ps1 -------------------------------------------------------------------------------- /Analysis/log/Get-LogUserAssistValueByDate.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/log/Get-LogUserAssistValueByDate.ps1 -------------------------------------------------------------------------------- /Analysis/log/Get-LogUserAssistValueStack.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/log/Get-LogUserAssistValueStack.ps1 -------------------------------------------------------------------------------- /Analysis/meta/Get-AllFileLengths.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/meta/Get-AllFileLengths.ps1 -------------------------------------------------------------------------------- /Analysis/meta/Get-FileLengths.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/meta/Get-FileLengths.ps1 -------------------------------------------------------------------------------- /Analysis/process/Get-HandleProcessOwnerStack.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/process/Get-HandleProcessOwnerStack.ps1 -------------------------------------------------------------------------------- /Analysis/process/Get-PrefetchListingLastWriteTime.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/process/Get-PrefetchListingLastWriteTime.ps1 -------------------------------------------------------------------------------- /Analysis/process/Get-PrefetchListingStack.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/process/Get-PrefetchListingStack.ps1 -------------------------------------------------------------------------------- /Analysis/process/Get-ProcsWMICLIMD5Stack.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/process/Get-ProcsWMICLIMD5Stack.ps1 -------------------------------------------------------------------------------- /Analysis/process/Get-ProcsWMICmdlineStack.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/process/Get-ProcsWMICmdlineStack.ps1 -------------------------------------------------------------------------------- /Analysis/process/Get-ProcsWMIPath.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/process/Get-ProcsWMIPath.ps1 -------------------------------------------------------------------------------- /Analysis/process/Get-ProcsWMIProcessNameStack.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/process/Get-ProcsWMIProcessNameStack.ps1 -------------------------------------------------------------------------------- /Analysis/process/Get-ProcsWMISortByCreationDate.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/process/Get-ProcsWMISortByCreationDate.ps1 -------------------------------------------------------------------------------- /Analysis/process/Get-ProcsWMITempExePath.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/process/Get-ProcsWMITempExePath.ps1 -------------------------------------------------------------------------------- /Analysis/process/Get-ProxSystemStartTime.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Analysis/process/Get-ProxSystemStartTime.ps1 -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/CODE_OF_CONDUCT.md -------------------------------------------------------------------------------- /DistributedKansa.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/DistributedKansa.ps1 -------------------------------------------------------------------------------- /Get-Targets.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Get-Targets.ps1 -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/LICENSE -------------------------------------------------------------------------------- /MSLimitedPublicLicense.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/MSLimitedPublicLicense.txt -------------------------------------------------------------------------------- /Modules/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/.gitignore -------------------------------------------------------------------------------- /Modules/ASEP/Get-Autorunsc.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/ASEP/Get-Autorunsc.ps1 -------------------------------------------------------------------------------- /Modules/ASEP/Get-AutorunscDeep.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/ASEP/Get-AutorunscDeep.ps1 -------------------------------------------------------------------------------- /Modules/ASEP/Get-ImagePathExecutionOptions.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/ASEP/Get-ImagePathExecutionOptions.ps1 -------------------------------------------------------------------------------- /Modules/ASEP/Get-PSProfiles.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/ASEP/Get-PSProfiles.ps1 -------------------------------------------------------------------------------- /Modules/ASEP/Get-PersistenceFilesAndRegistryKeys.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/ASEP/Get-PersistenceFilesAndRegistryKeys.ps1 -------------------------------------------------------------------------------- /Modules/ASEP/Get-SchedTasks.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/ASEP/Get-SchedTasks.ps1 -------------------------------------------------------------------------------- /Modules/ASEP/Get-SchedTasksAll.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/ASEP/Get-SchedTasksAll.ps1 -------------------------------------------------------------------------------- /Modules/ASEP/Get-SigCheckRandomPath.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/ASEP/Get-SigCheckRandomPath.ps1 -------------------------------------------------------------------------------- /Modules/ASEP/Get-Sigcheck.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/ASEP/Get-Sigcheck.ps1 -------------------------------------------------------------------------------- /Modules/ASEP/Get-SvcAll.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/ASEP/Get-SvcAll.ps1 -------------------------------------------------------------------------------- /Modules/ASEP/Get-SvcFail.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/ASEP/Get-SvcFail.ps1 -------------------------------------------------------------------------------- /Modules/ASEP/Get-SvcTrigs.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/ASEP/Get-SvcTrigs.ps1 -------------------------------------------------------------------------------- /Modules/ASEP/Get-WMIEvtConsumer.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/ASEP/Get-WMIEvtConsumer.ps1 -------------------------------------------------------------------------------- /Modules/ASEP/Get-WMIEvtFilter.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/ASEP/Get-WMIEvtFilter.ps1 -------------------------------------------------------------------------------- /Modules/ASEP/Get-WMIFltConBind.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/ASEP/Get-WMIFltConBind.ps1 -------------------------------------------------------------------------------- /Modules/Config/Get-AMHealthStatus.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Config/Get-AMHealthStatus.ps1 -------------------------------------------------------------------------------- /Modules/Config/Get-AMInfectionStatus.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Config/Get-AMInfectionStatus.ps1 -------------------------------------------------------------------------------- /Modules/Config/Get-CertStore.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Config/Get-CertStore.ps1 -------------------------------------------------------------------------------- /Modules/Config/Get-ClrVersion.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Config/Get-ClrVersion.ps1 -------------------------------------------------------------------------------- /Modules/Config/Get-GPResult.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Config/Get-GPResult.ps1 -------------------------------------------------------------------------------- /Modules/Config/Get-Hotfix.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Config/Get-Hotfix.ps1 -------------------------------------------------------------------------------- /Modules/Config/Get-IIS.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Config/Get-IIS.ps1 -------------------------------------------------------------------------------- /Modules/Config/Get-LocalAdmins.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Config/Get-LocalAdmins.ps1 -------------------------------------------------------------------------------- /Modules/Config/Get-LocalUsers.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Config/Get-LocalUsers.ps1 -------------------------------------------------------------------------------- /Modules/Config/Get-PSDotNetVersion.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Config/Get-PSDotNetVersion.ps1 -------------------------------------------------------------------------------- /Modules/Config/Get-Products.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Config/Get-Products.ps1 -------------------------------------------------------------------------------- /Modules/Config/Get-RegKey.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Config/Get-RegKey.ps1 -------------------------------------------------------------------------------- /Modules/Config/Get-SharePermissions.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Config/Get-SharePermissions.ps1 -------------------------------------------------------------------------------- /Modules/Config/Get-SmbShare.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Config/Get-SmbShare.ps1 -------------------------------------------------------------------------------- /Modules/Disk/Get-DiskUsage.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Disk/Get-DiskUsage.ps1 -------------------------------------------------------------------------------- /Modules/Disk/Get-File.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Disk/Get-File.ps1 -------------------------------------------------------------------------------- /Modules/Disk/Get-FileHashes.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Disk/Get-FileHashes.ps1 -------------------------------------------------------------------------------- /Modules/Disk/Get-FilesByHash.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Disk/Get-FilesByHash.ps1 -------------------------------------------------------------------------------- /Modules/Disk/Get-FilesByHashes.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Disk/Get-FilesByHashes.ps1 -------------------------------------------------------------------------------- /Modules/Disk/Get-FlsBodyfile.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Disk/Get-FlsBodyfile.ps1 -------------------------------------------------------------------------------- /Modules/Disk/Get-IOCsByPath.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Disk/Get-IOCsByPath.ps1 -------------------------------------------------------------------------------- /Modules/Disk/Get-MasterFileTable.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Disk/Get-MasterFileTable.ps1 -------------------------------------------------------------------------------- /Modules/Disk/Get-Recent.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Disk/Get-Recent.ps1 -------------------------------------------------------------------------------- /Modules/Disk/Get-TempDirListing.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Disk/Get-TempDirListing.ps1 -------------------------------------------------------------------------------- /Modules/Disk/Get-WebrootListing.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Disk/Get-WebrootListing.ps1 -------------------------------------------------------------------------------- /Modules/FireForget/FFdevTemplate.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/FireForget/FFdevTemplate.ps1 -------------------------------------------------------------------------------- /Modules/FireForget/FFwrapper.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/FireForget/FFwrapper.ps1 -------------------------------------------------------------------------------- /Modules/FireForget/Get-ADSFF.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/FireForget/Get-ADSFF.ps1 -------------------------------------------------------------------------------- /Modules/FireForget/Get-AbortCleanKansaServersFF.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/FireForget/Get-AbortCleanKansaServersFF.ps1 -------------------------------------------------------------------------------- /Modules/FireForget/Get-AgentPresenceFF.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/FireForget/Get-AgentPresenceFF.ps1 -------------------------------------------------------------------------------- /Modules/FireForget/Get-AuditPolFF.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/FireForget/Get-AuditPolFF.ps1 -------------------------------------------------------------------------------- /Modules/FireForget/Get-AutorunsFF.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/FireForget/Get-AutorunsFF.ps1 -------------------------------------------------------------------------------- /Modules/FireForget/Get-CertificateStoreFF.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/FireForget/Get-CertificateStoreFF.ps1 -------------------------------------------------------------------------------- /Modules/FireForget/Get-ChromeExtensionsFF.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/FireForget/Get-ChromeExtensionsFF.ps1 -------------------------------------------------------------------------------- /Modules/FireForget/Get-DDEFilesFF.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/FireForget/Get-DDEFilesFF.ps1 -------------------------------------------------------------------------------- /Modules/FireForget/Get-DriverFilterTableFF.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/FireForget/Get-DriverFilterTableFF.ps1 -------------------------------------------------------------------------------- /Modules/FireForget/Get-EmoCheckFF.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/FireForget/Get-EmoCheckFF.ps1 -------------------------------------------------------------------------------- /Modules/FireForget/Get-GPScriptConfigFF.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/FireForget/Get-GPScriptConfigFF.ps1 -------------------------------------------------------------------------------- /Modules/FireForget/Get-IPRouteFF.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/FireForget/Get-IPRouteFF.ps1 -------------------------------------------------------------------------------- /Modules/FireForget/Get-ImageExecutionGlobalFlagFF.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/FireForget/Get-ImageExecutionGlobalFlagFF.ps1 -------------------------------------------------------------------------------- /Modules/FireForget/Get-KansaDLauncherFF.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/FireForget/Get-KansaDLauncherFF.ps1 -------------------------------------------------------------------------------- /Modules/FireForget/Get-KernelDriversFF.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/FireForget/Get-KernelDriversFF.ps1 -------------------------------------------------------------------------------- /Modules/FireForget/Get-LargeRegKeysFF.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/FireForget/Get-LargeRegKeysFF.ps1 -------------------------------------------------------------------------------- /Modules/FireForget/Get-LocalUsersFF.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/FireForget/Get-LocalUsersFF.ps1 -------------------------------------------------------------------------------- /Modules/FireForget/Get-MBRHashFF.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/FireForget/Get-MBRHashFF.ps1 -------------------------------------------------------------------------------- /Modules/FireForget/Get-MSOfficeXMLFF.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/FireForget/Get-MSOfficeXMLFF.ps1 -------------------------------------------------------------------------------- /Modules/FireForget/Get-NecromancerFF.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/FireForget/Get-NecromancerFF.ps1 -------------------------------------------------------------------------------- /Modules/FireForget/Get-NetshHelpersFF.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/FireForget/Get-NetshHelpersFF.ps1 -------------------------------------------------------------------------------- /Modules/FireForget/Get-NetstatFF.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/FireForget/Get-NetstatFF.ps1 -------------------------------------------------------------------------------- /Modules/FireForget/Get-PSHistoryFF.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/FireForget/Get-PSHistoryFF.ps1 -------------------------------------------------------------------------------- /Modules/FireForget/Get-PowershellVersionFF.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/FireForget/Get-PowershellVersionFF.ps1 -------------------------------------------------------------------------------- /Modules/FireForget/Get-PowershmancerFF.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/FireForget/Get-PowershmancerFF.ps1 -------------------------------------------------------------------------------- /Modules/FireForget/Get-PrintMonitorsFF.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/FireForget/Get-PrintMonitorsFF.ps1 -------------------------------------------------------------------------------- /Modules/FireForget/Get-RDPInfoFF.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/FireForget/Get-RDPInfoFF.ps1 -------------------------------------------------------------------------------- /Modules/FireForget/Get-RunningProcessesAndModulesFF.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/FireForget/Get-RunningProcessesAndModulesFF.ps1 -------------------------------------------------------------------------------- /Modules/FireForget/Get-SQLDBFF.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/FireForget/Get-SQLDBFF.ps1 -------------------------------------------------------------------------------- /Modules/FireForget/Get-SchTasksFF.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/FireForget/Get-SchTasksFF.ps1 -------------------------------------------------------------------------------- /Modules/FireForget/Get-SecurityPackagesFF.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/FireForget/Get-SecurityPackagesFF.ps1 -------------------------------------------------------------------------------- /Modules/FireForget/Get-StartupFilesFF.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/FireForget/Get-StartupFilesFF.ps1 -------------------------------------------------------------------------------- /Modules/FireForget/Get-SysmonInstallFF.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/FireForget/Get-SysmonInstallFF.ps1 -------------------------------------------------------------------------------- /Modules/FireForget/Get-TasklistFF.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/FireForget/Get-TasklistFF.ps1 -------------------------------------------------------------------------------- /Modules/FireForget/Get-WDigestFF.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/FireForget/Get-WDigestFF.ps1 -------------------------------------------------------------------------------- /Modules/FireForget/Get-WMIScriptsFF.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/FireForget/Get-WMIScriptsFF.ps1 -------------------------------------------------------------------------------- /Modules/FireForget/Get-WSLInstallFF.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/FireForget/Get-WSLInstallFF.ps1 -------------------------------------------------------------------------------- /Modules/FireForget/Get-WinlogbeatUpdateFF.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/FireForget/Get-WinlogbeatUpdateFF.ps1 -------------------------------------------------------------------------------- /Modules/IOC/Get-Loki.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/IOC/Get-Loki.ps1 -------------------------------------------------------------------------------- /Modules/Log/Get-AppCompatCache.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Log/Get-AppCompatCache.ps1 -------------------------------------------------------------------------------- /Modules/Log/Get-LogCBS.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Log/Get-LogCBS.ps1 -------------------------------------------------------------------------------- /Modules/Log/Get-LogOpenSavePidlMRU.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Log/Get-LogOpenSavePidlMRU.ps1 -------------------------------------------------------------------------------- /Modules/Log/Get-LogUserAssist.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Log/Get-LogUserAssist.ps1 -------------------------------------------------------------------------------- /Modules/Log/Get-LogWinEvent.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Log/Get-LogWinEvent.ps1 -------------------------------------------------------------------------------- /Modules/Log/Get-OfficeMRU.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Log/Get-OfficeMRU.ps1 -------------------------------------------------------------------------------- /Modules/Log/Get-OfficeTrustedRecords.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Log/Get-OfficeTrustedRecords.ps1 -------------------------------------------------------------------------------- /Modules/Log/Get-RdpConnectionLogs.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Log/Get-RdpConnectionLogs.ps1 -------------------------------------------------------------------------------- /Modules/Log/Get-SysmonNetwork.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Log/Get-SysmonNetwork.ps1 -------------------------------------------------------------------------------- /Modules/Log/Get-SysmonProcess.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Log/Get-SysmonProcess.ps1 -------------------------------------------------------------------------------- /Modules/Memory/Get-Memory.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Memory/Get-Memory.ps1 -------------------------------------------------------------------------------- /Modules/Modules.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Modules.conf -------------------------------------------------------------------------------- /Modules/Net/Get-Arp.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Net/Get-Arp.ps1 -------------------------------------------------------------------------------- /Modules/Net/Get-DNSCache.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Net/Get-DNSCache.ps1 -------------------------------------------------------------------------------- /Modules/Net/Get-NetIPInterfaces.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Net/Get-NetIPInterfaces.ps1 -------------------------------------------------------------------------------- /Modules/Net/Get-NetRoutes.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Net/Get-NetRoutes.ps1 -------------------------------------------------------------------------------- /Modules/Net/Get-Netstat.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Net/Get-Netstat.ps1 -------------------------------------------------------------------------------- /Modules/Net/Get-NetstatObject.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Net/Get-NetstatObject.ps1 -------------------------------------------------------------------------------- /Modules/Net/Get-SmbSession.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Net/Get-SmbSession.ps1 -------------------------------------------------------------------------------- /Modules/Net/Get-WMIIETelemetry.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Net/Get-WMIIETelemetry.ps1 -------------------------------------------------------------------------------- /Modules/Process/Get-Handle.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Process/Get-Handle.ps1 -------------------------------------------------------------------------------- /Modules/Process/Get-InjectedThreads.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Process/Get-InjectedThreads.ps1 -------------------------------------------------------------------------------- /Modules/Process/Get-PrefetchFiles.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Process/Get-PrefetchFiles.ps1 -------------------------------------------------------------------------------- /Modules/Process/Get-PrefetchListing.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Process/Get-PrefetchListing.ps1 -------------------------------------------------------------------------------- /Modules/Process/Get-ProcDump.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Process/Get-ProcDump.ps1 -------------------------------------------------------------------------------- /Modules/Process/Get-ProcessesUsingModules.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Process/Get-ProcessesUsingModules.ps1 -------------------------------------------------------------------------------- /Modules/Process/Get-ProcsNModules.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Process/Get-ProcsNModules.ps1 -------------------------------------------------------------------------------- /Modules/Process/Get-ProcsWMI.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Process/Get-ProcsWMI.ps1 -------------------------------------------------------------------------------- /Modules/Process/Get-Prox.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Process/Get-Prox.ps1 -------------------------------------------------------------------------------- /Modules/Process/Get-RekalPslist.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Process/Get-RekalPslist.ps1 -------------------------------------------------------------------------------- /Modules/Process/Get-Tasklistv.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Process/Get-Tasklistv.ps1 -------------------------------------------------------------------------------- /Modules/Process/Get-WMIRecentApps.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Process/Get-WMIRecentApps.ps1 -------------------------------------------------------------------------------- /Modules/Registry/Get-USBForensics.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/Registry/Get-USBForensics.ps1 -------------------------------------------------------------------------------- /Modules/bin/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/bin/.gitignore -------------------------------------------------------------------------------- /Modules/default-template.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Modules/default-template.ps1 -------------------------------------------------------------------------------- /Prepare-KansaServer.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Prepare-KansaServer.ps1 -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/README.md -------------------------------------------------------------------------------- /Shared/ElkSender.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Shared/ElkSender.ps1 -------------------------------------------------------------------------------- /Shared/Parsers.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/Shared/Parsers.ps1 -------------------------------------------------------------------------------- /contributing.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/contributing.md -------------------------------------------------------------------------------- /kansa.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/kansa.ps1 -------------------------------------------------------------------------------- /logging.conf_example: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/logging.conf_example -------------------------------------------------------------------------------- /logstash_parserFF.grok: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/davehull/Kansa/HEAD/logstash_parserFF.grok --------------------------------------------------------------------------------