<?xml version="1.0" encoding="utf-8"?>
<remv1:Remediation-Plugin xmlns:remv1="RemediationVersion1.xsd" Name="PSRecon">
<!--
Gather Local Data and Run Desired Switch Parameters.
Runs powershell.exe with "-file psrecon.ps1", followed by "-companyName [Company Name]" and then
the "Command Line Parameters" value, which has an empty Switch and is therefore passed with
nothing in front of it (presumably in Order sequence; confirm against the platform docs).
NOTE(review): "Command Line Parameters" is free-form text that lands on the powershell.exe
command line, so whoever can fill in or trigger this action chooses which psrecon.ps1 switches
run. How the platform quotes or escapes the value is not visible in this file; confirm it, and
limit who may run this action.
NOTE(review): psrecon.ps1 is referenced by bare file name; the directory it resolves from is
decided by the caller and is not shown here.
-->
<remv1:Action Name="Local : Extract Data : Pass Additional Arguments" Command="powershell.exe">
<remv1:ConstantParameter Name="Script" Switch="-file psrecon.ps1" Order="1" />
<remv1:StringParameter Name="Company Name" Switch="-companyName " Order="2" />
<remv1:StringParameter Name="Command Line Parameters" Switch="" Order="3" />
</remv1:Action>
<!--
Gather Remote Data and Send Report via Email.
Runs powershell.exe with "-file psrecon.ps1 -remote" against the host given in "Target Host",
whose default input is DHostName (presumably the destination host of the triggering event;
confirm). The SMTP server, sender and recipient parameters are passed with "-sendEmail
-smtpServer", "-emailFrom" and "-emailTo".
NOTE(review): "Privileged Password" is wrapped in EncryptedParameter, but it is still handed to
powershell.exe through the "-password" switch. What EncryptedParameter protects is not shown in
this file (presumably storage inside the platform). Once the value is on a command line, process
creation auditing with command line capture (for example Windows event 4688 or Sysmon event 1)
can record it in clear text on the machine that runs the action. Use a dedicated account with
only the rights the collection needs, and treat those logs as holding the credential.
NOTE(review): the report is sent through the SMTP server named by the operator; whether the
transport is protected is decided in psrecon.ps1 and is not visible here.
-->
<remv1:Action Name="Remote : Extract Data : Email Report" Command="powershell.exe">
<remv1:ConstantParameter Name="Script" Switch="-file psrecon.ps1 -remote" Order="1" />
<remv1:StringParameter Name="Target Host" Switch="-target " Order="2">
<remv1:DefaultInput>
<remv1:DHostName />
</remv1:DefaultInput>
</remv1:StringParameter>
<remv1:StringParameter Name="SMTP Server" Switch="-sendEmail -smtpServer " Order="3" />
<remv1:StringParameter Name="Send Email To" Switch="-emailTo " Order="4" />
<remv1:StringParameter Name="Send Email From" Switch="-emailFrom " Order="5" />
<remv1:StringParameter Name="Privileged Username" Switch="-username " Order="6" />
<remv1:EncryptedParameter>
<remv1:StringParameter Name="Privileged Password" Switch="-password " Order="7" />
</remv1:EncryptedParameter>
<remv1:StringParameter Name="Company Name" Switch="-companyName " Order="8" />
</remv1:Action>
<!--
Gather Remote Data, including client email, and Send Report via Email.
Same parameter set as "Remote : Extract Data : Email Report"; the only difference in this file
is the extra "-email" switch in the constant part of the command line
("-file psrecon.ps1 -email -remote"). "Target Host" defaults to DHostName.
NOTE(review): with "-email" the report is described as including client email, so the mailed
report may carry mailbox content. Choose the recipient and SMTP server accordingly; transport
protection is decided in psrecon.ps1 and is not visible here.
NOTE(review): "Privileged Password" is wrapped in EncryptedParameter but is still passed to
powershell.exe through the "-password" switch, so command line capture in process creation
auditing (for example Windows event 4688 or Sysmon event 1) can record it in clear text. Use a
dedicated, least privileged account and treat those logs as holding the credential.
-->
<remv1:Action Name="Remote : Extract Data and Emails : Email Report" Command="powershell.exe">
<remv1:ConstantParameter Name="Script" Switch="-file psrecon.ps1 -email -remote" Order="1" />
<remv1:StringParameter Name="Target Host" Switch="-target " Order="2">
<remv1:DefaultInput>
<remv1:DHostName />
</remv1:DefaultInput>
</remv1:StringParameter>
<remv1:StringParameter Name="SMTP Server" Switch="-sendEmail -smtpServer " Order="3" />
<remv1:StringParameter Name="Send Email To" Switch="-emailTo " Order="4" />
<remv1:StringParameter Name="Send Email From" Switch="-emailFrom " Order="5" />
<remv1:StringParameter Name="Privileged Username" Switch="-username " Order="6" />
<remv1:EncryptedParameter>
<remv1:StringParameter Name="Privileged Password" Switch="-password " Order="7" />
</remv1:EncryptedParameter>
<remv1:StringParameter Name="Company Name" Switch="-companyName " Order="8" />
</remv1:Action>
<!--
Remote Lockdown and Quarantine.
Runs powershell.exe with "-file psrecon.ps1 -lockdown" against "Target Host" (default input
DHostName) and passes the same SMTP, credential and company name parameters as the two remote
collection actions.
NOTE(review): the action name says "Remote", yet the constant switch here is "-lockdown" without
the "-remote" switch that the two remote collection actions use. Whether "-lockdown" together
with "-target" is enough to act on the remote host is decided in psrecon.ps1 and is not visible
here; confirm before relying on this action.
NOTE(review): this is a containment action, so a wrong "Target Host" value quarantines the wrong
machine. Check the defaulted host name before the action is approved or automated.
NOTE(review): "Privileged Password" is wrapped in EncryptedParameter but is still passed to
powershell.exe through the "-password" switch, so command line capture in process creation
auditing (for example Windows event 4688 or Sysmon event 1) can record it in clear text. Use a
dedicated, least privileged account and treat those logs as holding the credential.
-->
<remv1:Action Name="Remote : Extract Data : Lockdown and Quarantine" Command="powershell.exe">
<remv1:ConstantParameter Name="Script" Switch="-file psrecon.ps1 -lockdown" Order="1" />
<remv1:StringParameter Name="Target Host" Switch="-target " Order="2">
<remv1:DefaultInput>
<remv1:DHostName />
</remv1:DefaultInput>
</remv1:StringParameter>
<remv1:StringParameter Name="SMTP Server" Switch="-sendEmail -smtpServer " Order="3" />
<remv1:StringParameter Name="Send Email To" Switch="-emailTo " Order="4" />
<remv1:StringParameter Name="Send Email From" Switch="-emailFrom " Order="5" />
<remv1:StringParameter Name="Privileged Username" Switch="-username " Order="6" />
<remv1:EncryptedParameter>
<remv1:StringParameter Name="Privileged Password" Switch="-password " Order="7" />
</remv1:EncryptedParameter>
<remv1:StringParameter Name="Company Name" Switch="-companyName " Order="8" />
</remv1:Action>
<!--
Disable AD Account and Host Lockdown.
Runs powershell.exe with "-file psrecon.ps1 -lockdown -adLock". "Target Account" (default input
Login) has an empty Switch and Order 2, so its value follows "-adLock" directly and is
presumably consumed as that switch's argument; confirm against psrecon.ps1.
"Target Host" defaults to SHostName here, not DHostName as in the other remote actions, and
"Target Share" is passed with "-netShare".
NOTE(review): an empty or unexpected "Target Account" value would shift the meaning of the
arguments that follow "-adLock". How the platform handles an empty value is not visible in this
file; confirm it, and check the defaulted account and host before the action is approved or
automated, since it disables an account and locks down a host.
NOTE(review): "Privileged Password" is wrapped in EncryptedParameter but is still passed to
powershell.exe through the "-password" switch, so command line capture in process creation
auditing (for example Windows event 4688 or Sysmon event 1) can record it in clear text. The
account needs rights to disable AD users, so scope it to that task and treat those logs as
holding the credential.
-->
<remv1:Action Name="Remote : Extract Data : Disable AD Account" Command="powershell.exe">
<remv1:ConstantParameter Name="Script" Switch="-file psrecon.ps1 -lockdown -adLock" Order="1" />
<remv1:StringParameter Name="Target Account" Switch="" Order="2">
<remv1:DefaultInput>
<remv1:Login />
</remv1:DefaultInput>
</remv1:StringParameter>
<remv1:StringParameter Name="Target Host" Switch="-target " Order="3">
<remv1:DefaultInput>
<remv1:SHostName />
</remv1:DefaultInput>
</remv1:StringParameter>
<remv1:StringParameter Name="Target Share" Switch="-netShare " Order="4" />
<remv1:StringParameter Name="SMTP Server" Switch="-sendEmail -smtpServer " Order="5" />
<remv1:StringParameter Name="Send Email To" Switch="-emailTo " Order="6" />
<remv1:StringParameter Name="Send Email From" Switch="-emailFrom " Order="7" />
<remv1:StringParameter Name="Privileged Username" Switch="-username " Order="8" />
<remv1:EncryptedParameter>
<remv1:StringParameter Name="Privileged Password" Switch="-password " Order="9" />
</remv1:EncryptedParameter>
<remv1:StringParameter Name="Company Name" Switch="-companyName " Order="10" />
</remv1:Action>
</remv1:Remediation-Plugin>