Security Analysis - windows

I have just uploaded what is an aggregation of other authors' work (thank you!) and some other relevances and queries for Windows to give a quick overview of a system's status and what, to me, is important information.
Hope it's of some use, and any suggestions on how to make it better are always appreciated.

https://bigfix.me/analysis/details/2998604


That looks great, thanks for sharing!

I do have a couple of questions though…

For property:
Established TCP and UDP Connections
…it looks like it’s actually checking for established RDP connections, maybe should be renamed?

And on the Telnet client, is there actually a telnet client service, or should it actually be checking for telnet client processes? I don’t have the telnet client myself, so I am unsure but a telnet client service seems unlikely.

Thanks…
Actually that should really read "Processes running on Established RDP port"…
RDP, as far as I know and have seen, is called svchost.exe, and anything else on that port should raise flags, but I stand to be corrected…

On the service… You are correct… it should be process “telnet.exe” D’oh… Ok Corrected and uploaded.
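The two checks discussed in this thread (established connections on the RDP port owned by something other than svchost.exe, and a running telnet.exe process), as an added example that is not part of the analysis or the original posts. It assumes the default RDP port 3389, a constructed `netstat -ano` snapshot and a constructed PID-to-image table standing in for what the BigFix relevance would inspect on the endpoint.

```python
"""Flag non-svchost.exe owners of established RDP-port connections and a telnet.exe process."""
import re

RDP_PORT = 3389                     # assumption: default RDP port, not relocated via registry
EXPECTED_RDP_IMAGE = "svchost.exe"  # TermService runs inside a svchost.exe host process

# Constructed sample of `netstat -ano` output (not captured from a real host).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1124
  TCP    10.0.0.5:3389          10.0.0.77:51002        ESTABLISHED     1124
  TCP    10.0.0.5:3389          10.0.0.90:41733        ESTABLISHED     4488
  TCP    10.0.0.5:49712         10.0.0.20:23           ESTABLISHED     5120
  UDP    0.0.0.0:3389           *:*                                    1124
"""

# Constructed PID -> image name table (what `tasklist` would report); hypothetical names.
PROCESS_TABLE = {1124: "svchost.exe", 4488: "suspect.exe", 5120: "telnet.exe"}

# Proto, local addr:port, foreign addr, optional state (absent for UDP), PID.
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")


def parse_netstat(text):
    """Parse netstat -ano lines into dicts; header and unparseable lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, laddr, lport, faddr, state, pid = m.groups()
        rows.append({"proto": proto, "local": laddr, "local_port": int(lport),
                     "foreign": faddr, "state": state or "", "pid": int(pid)})
    return rows


def rdp_port_findings(rows, processes):
    """Return (pid, image, foreign) for established RDP-port connections not owned by svchost.exe."""
    findings = []
    for r in rows:
        if r["local_port"] == RDP_PORT and r["state"] == "ESTABLISHED":
            image = processes.get(r["pid"], "<unknown>")
            if image.lower() != EXPECTED_RDP_IMAGE:
                findings.append((r["pid"], image, r["foreign"]))
    return findings


def telnet_client_running(processes):
    """True if a telnet.exe process is present (the corrected telnet client check)."""
    return any(name.lower() == "telnet.exe" for name in processes.values())
```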