(imported topic written by nicklasd)
Good Morning,
My work has a policy that we cannot connect non work issues devices to our work computers. As a result I have the following analysis setup to detect rogue usb devices:
If (exists string values whose (it as lowercase starts with “usbstor”) of selects “PNPDeviceID from Win32_DiskDrive” of wmi)Then ((((if exists string value of property “Model” of it then string value of property “Model” of it else “n/a”), (if exists string value of property “PNPDeviceID” of it then (following texts of lasts “” of preceding texts of lasts “&” of string values whose(it as lowercase starts with “usbstor”) of property “PNPDeviceID” of it) else “n/a”)) of (select objects “Model,PNPDeviceID from Win32_DiskDrive” of wmi)) as string)Else (“No USB Storage Devices Connected”)
This analysis works great when used with a web report white list but unfortunately it does not detect iphone/ipads.
Can anyone help me write a new analysis or modify this current analysis to catch connected iphone/ipads?
Thanks!