Enable-BluGenieWinRMoverWMI

Enable-BluGenieWinRMoverWMI will try and connect to a remote host and enable WinRM

NAME

Enable-BluGenieWinRMoverWMI

SYNOPSIS

Enable-BluGenieWinRMoverWMI will try and connect to a remote host and enable WinRM

SYNTAX

Enable-BluGenieWinRMoverWMI [[-ComputerName] <String>] [-looptimer <Int32>] [-termloopcounter <Int32>] [-MaxConcurrentUsers <Int32>]
[-MaxProcessesPerShell <Int32>] [-MaxMemoryPerShellMB <Int32>] [-MaxShellsPerUser <Int32>] [-MaxShellRunTime <Int32>] [-SetMaxValues]
[-SetValues] [-ReturnDetails] [-Walkthrough] [-ReturnObject] [-OutUnEscapedJSON] [-FormatView <String>] [<CommonParameters>]

DESCRIPTION

Enable-BluGenieWinRMoverWMI will try and connect to a remote host and enable WinRM. The Service, Firewall, and Configuration will be enabled.

PARAMETERS

-ComputerName <String>

Description: Computer name of the remote host

Notes:

Alias:

ValidateSet:

Required? false

Position? 1

Default value: None

Accept pipeline input? false

Accept wildcard characters? false

-looptimer <Int32>

Description: How long to wait before processing another loop

Notes: Default 5 seconds

Alias:

ValidateSet:

Required? false

Position? named

Default value 5

Accept pipeline input? false

Accept wildcard characters? false

-termloopcounter <Int32>

Description: How many times the process should loop before exiting

Notes: Default 6 times

Alias:

ValidateSet:

Required? false

Position? named

Default value 6

Accept pipeline input? false

Accept wildcard characters? false

-MaxConcurrentUsers <Int32>

Description: Set WMI value for MaxConcurrentUsers

Notes: Default 25

Alias:

ValidateSet:

Required? false

Position? named

Default value 25

Accept pipeline input? false

Accept wildcard characters? false

-MaxProcessesPerShell <Int32>

Description: Set WMI value for MaxProcessesPerShell

Notes: Default 100

Alias:

ValidateSet:

Required? false

Position? named

Default value 100

Accept pipeline input? false

Accept wildcard characters? false

-MaxMemoryPerShellMB <Int32>

Description: Set WMI value for MaxMemoryPerShellMB

Notes: Default 1024

Alias:

ValidateSet:

Required? false

Position? named

Default value 1024

Accept pipeline input? false

Accept wildcard characters? false

-MaxShellsPerUser <Int32>

Description: Set WMI value for MaxShellsPerUser

Notes: Default 30

Alias:

ValidateSet:

Required? false

Position? named

Default value 30

Accept pipeline input? false

Accept wildcard characters? false

-MaxShellRunTime <Int32>

Description: Set WMI value for MaxShellRunTime

Notes: Default 2147483647 for PowerShell 3.0 and above

Alias:

ValidateSet:

Required? false

Position? named

Default value 2147483647

Accept pipeline input? false

Accept wildcard characters? false

-SetMaxValues [<SwitchParameter>]

Description: Allow for WMI value to be set to the Max Values and overwrite any parameters given.

Notes:

Alias:

ValidateSet:

Required? false

Position? named

Default value False

Accept pipeline input? false

Accept wildcard characters? false

-SetValues [<SwitchParameter>]

Description: Allow for WMI value to be set.

Notes: By default this is view only

Alias:

ValidateSet:

Required? false

Position? named

Default value False

Accept pipeline input? false

Accept wildcard characters? false

-ReturnDetails [<SwitchParameter>]

Description: Gather more detailed information on WMI and PowerShell

Notes: By default the return is (True / False) for Enabled or not

Alias:

ValidateSet:

Required? false

Position? named

Default value False

Accept pipeline input? false

Accept wildcard characters? false

-Walkthrough [<SwitchParameter>]

Description: Start the dynamic help menu system to help walk through the current command and all of the parameters

Notes:

Alias: Help

ValidateSet:

Required? false

Position? named

Default value False

Accept pipeline input? false

Accept wildcard characters? false

-ReturnObject [<SwitchParameter>]

Description: Return information as an Object

Notes: By default the data is returned as a Hash Table

Alias:

ValidateSet:

Required? false

Position? named

Default value False

Accept pipeline input? false

Accept wildcard characters? false

-OutUnEscapedJSON [<SwitchParameter>]

Description: Remove Unescaped Char from the JSON information.

Notes: This will beautify json and clean up the formatting.

Alias:

ValidateSet:

Required? false

Position? named

Default value False

Accept pipeline input? false

Accept wildcard characters? false

-FormatView <String>

Description: Select which format to return the object data in.

Notes: Default value is set to (None). This value is only valid when using the -ReturnObject parameter

Alias:

ValidateSet: 'Table','Custom','CustomModified','None','JSON','OutUnEscapedJSON','CSV'

Required? false

Position? named

Default value Table

Accept pipeline input? false

Accept wildcard characters? false

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug, ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
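The -MaxConcurrentUsers, -MaxProcessesPerShell, -MaxMemoryPerShellMB, -MaxShellsPerUser and -MaxShellRunTime parameters above carry the same names as the shell quota items under the WSMan:\localhost\Shell provider path, and the cmdlet is view only unless -SetValues is given. The following is an added example, not BluGenie's own code, showing how such an audit looks when written directly against the WinRM service, its firewall rule group and those quota items on the local host. It assumes it runs on the host being checked, in an elevated session when -SetValues is used, that the WinRM service is running (otherwise the WSMan: drive is not reachable), and that the "Windows Remote Management" firewall rule group exists (Windows 8 / Server 2012 and later). The function name Get-WinRMQuotaState and the report layout are the example's own.

```powershell
# Added example (not BluGenie code): view-only audit of WinRM state and shell
# quotas, applying the desired values only when -SetValues is passed.
function Get-WinRMQuotaState {
    [CmdletBinding()]
    param(
        # Defaults mirror the cmdlet's documented default values.
        [int]$MaxConcurrentUsers   = 25,
        [int]$MaxProcessesPerShell = 100,
        [int]$MaxMemoryPerShellMB  = 1024,
        [int]$MaxShellsPerUser     = 30,
        [int]$MaxShellRunTime      = 2147483647,
        [switch]$SetValues
    )

    # Desired values keyed by the WSMan:\localhost\Shell item name.
    $desired = [ordered]@{
        MaxConcurrentUsers   = $MaxConcurrentUsers
        MaxProcessesPerShell = $MaxProcessesPerShell
        MaxMemoryPerShellMB  = $MaxMemoryPerShellMB
        MaxShellsPerUser     = $MaxShellsPerUser
        MaxShellRunTime      = $MaxShellRunTime
    }

    # Service state (assumption: WinRM is the service name on every supported OS).
    $service = Get-Service -Name WinRM -ErrorAction SilentlyContinue

    # Firewall state: any enabled inbound rule in the WinRM rule group counts as open.
    $fwRules = Get-NetFirewallRule -DisplayGroup 'Windows Remote Management' -ErrorAction SilentlyContinue
    $fwOpen  = [bool]($fwRules | Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })

    # Quota audit: read each item, record drift, and write only when asked to.
    $quotas = foreach ($name in $desired.Keys) {
        $path    = "WSMan:\localhost\Shell\$name"
        $current = [int64](Get-Item -Path $path -ErrorAction Stop).Value
        $drift   = $current -ne [int64]$desired[$name]
        $applied = $false
        if ($drift -and $SetValues) {
            Set-Item -Path $path -Value $desired[$name] -ErrorAction Stop
            $current = [int64](Get-Item -Path $path).Value
            $applied = $true
        }
        [pscustomobject]@{
            Setting = $name
            Current = $current
            Desired = $desired[$name]
            Drift   = $drift
            Applied = $applied
        }
    }

    # Return a hashtable, matching the cmdlet's documented output type.
    @{
        ComputerName  = $env:COMPUTERNAME
        ServiceStatus = if ($service) { $service.Status.ToString() } else { 'NotInstalled' }
        FirewallOpen  = $fwOpen
        Quotas        = $quotas
        Enabled       = [bool]($service -and $service.Status -eq 'Running' -and $fwOpen -and -not ($quotas | Where-Object Drift))
    }
}

# Usage: run view-only first and review the drift report, then apply.
# (Get-WinRMQuotaState).Quotas | Format-Table
# Get-WinRMQuotaState -SetValues
```

Running the view-only pass first and keeping the returned drift report gives a record of what the host looked like before any quota was changed, which is the piece most often missing when a WinRM change is later questioned during an investigation.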

INPUTS

OUTPUTS

TypeName: System.Collections.Hashtable

NOTES

* Original Author : Michael Arroyo

* Original Build Version : 1812.2301

* Latest Author : Michael Arroyo

* Latest Build Version : 2002.2801

* Comments :

* PowerShell Compatibility : 2,3,4,5.x

* Forked Project :

* Link :

~

* Dependencies :

~ Invoke-WalkThrough - Invoke-WalkThrough is an interactive help menu system

~ Get-ErrorAction - Get-ErrorAction will round up any errors into a simple object

EXAMPLE 1

PS C:\>Command: Enable-BluGenieWinRMoverWMI -ComputerName [Computer Name]

Description: This will enable WinRM over WMI

Notes:

EXAMPLE 2

PS C:\>Command: Enable-BluGenieWinRMoverWMI -Help

Description: Call Help Information

Notes: If Help / WalkThrough is set up as a parameter, this script will be called to set up the Dynamic Help Menu; otherwise the normal
Get-Help will be called with the -Full parameter

EXAMPLE 3

PS C:\>Command: Enable-BluGenieWinRMoverWMI -WalkThrough

Description: Call Help Information [2]

Notes: If Help / WalkThrough is set up as a parameter, this script will be called to set up the Dynamic Help Menu; otherwise the normal
Get-Help will be called with the -Full parameter

EXAMPLE 4

PS C:\>Command: Enable-BluGenieWinRMoverWMI -OutUnEscapedJSON

Description: Enable-BluGenieWinRMoverWMI and Return Output as UnEscaped JSON format

Notes: The OutUnEscapedJSON is used to beautify the JSON return and not Escape any Characters. Normal return data is a Hash Table.

EXAMPLE 5

PS C:\>Command: Enable-BluGenieWinRMoverWMI -ReturnObject

Description: Enable-BluGenieWinRMoverWMI and Return Output as an Object

Notes: The ReturnObject is used to return a PowerShell Object. Normal return data is a Hash Table.

EXAMPLE 6

PS C:\>Command: Enable-BluGenieWinRMoverWMI -ReturnObject -FormatView JSON

Description: Enable-BluGenieWinRMoverWMI and Return Object formatted in a JSON view

Notes: The ReturnObject is used to return a PowerShell Object. Normal return data is a Hash Table.

EXAMPLE 7

PS C:\>Command: Enable-BluGenieWinRMoverWMI -ReturnObject -FormatView Custom

Description: Enable-BluGenieWinRMoverWMI and Return Object formatted in a PSCustom view

Notes: Format-Custom is designed to display views that are not just tables or just lists. You can use the views defined in the
*format.PS1XML files in the PowerShell directory, or you can create your own views in new PS1XML files and use the
Update-FormatData cmdlet to add them to PowerShell.
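The examples above each call the cmdlet for a single host. The following is an added example, not BluGenie's own code, that wraps Enable-BluGenieWinRMoverWMI in a fleet-style roll-out: it checks each host with Test-WSMan first, calls the cmdlet with -SetValues only for hosts that are not yet listening (and only when the caller asked for changes), and then confirms the result independently instead of trusting the cmdlet's return value. It assumes Enable-BluGenieWinRMoverWMI is already loaded in the session, that the caller has WMI rights on the targets, and that WinRM answering on its default listener is an adequate definition of "enabled"; the function name Invoke-WinRMRollout and the report fields are the example's own, and the -looptimer and -termloopcounter values are passed through to the cmdlet with the same meaning the page gives them.

```powershell
# Added example (not BluGenie code): check-first roll-out of the cmdlet across
# a host list with independent verification via Test-WSMan.
function Invoke-WinRMRollout {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [int]$looptimer       = 5,   # seconds between verification attempts, as in the cmdlet
        [int]$termloopcounter = 6,   # maximum verification attempts, as in the cmdlet
        [switch]$SetValues           # without it the run is report-only, like the cmdlet
    )

    # Returns $true when the WinRM listener answers; never throws.
    function Test-Listener([string]$Target) {
        try { $null = Test-WSMan -ComputerName $Target -ErrorAction Stop; $true } catch { $false }
    }

    foreach ($target in $ComputerName) {
        $before    = Test-Listener $target
        $attempted = $false
        $after     = $before

        if (-not $before -and $SetValues -and $PSCmdlet.ShouldProcess($target, 'Enable WinRM over WMI')) {
            $attempted = $true
            $null = Enable-BluGenieWinRMoverWMI -ComputerName $target -SetValues `
                        -looptimer $looptimer -termloopcounter $termloopcounter

            # Re-check on the same cadence the cmdlet uses, stopping at the first success.
            for ($i = 1; $i -le $termloopcounter -and -not $after; $i++) {
                $after = Test-Listener $target
                if (-not $after -and $i -lt $termloopcounter) { Start-Sleep -Seconds $looptimer }
            }
        }

        # One record per host; keep this output as the change record for the roll-out.
        [pscustomobject]@{
            ComputerName    = $target
            ListeningBefore = $before
            ChangeAttempted = $attempted
            ListeningAfter  = $after
            CheckedAt       = (Get-Date).ToString('o')
        }
    }
}

# Usage: dry run first (WhatIf shows which hosts would be touched), then apply.
# Invoke-WinRMRollout -ComputerName 'host01','host02' -SetValues -WhatIf
# Invoke-WinRMRollout -ComputerName 'host01','host02' -SetValues | Export-Csv winrm-rollout.csv -NoTypeInformation
```

Hosts that report ListeningBefore = $false and ListeningAfter = $false after a change attempt are the ones to look at by hand: the cmdlet's own -ReturnDetails switch is the natural next step for those, since the default True/False return does not say which of the service, firewall or configuration steps did not take.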

RELATED LINKS
