Description: Starting from this lesson, we will begin using a variety of artifacts to form a clear picture of several important aspects of Incident Response and Threat Hunting.
In this lesson, our main topic will be Asset Inventory.

The goal is to obtain information similar to the following:

  1. Basic information about the systems being analyzed.
  2. The internal IP addresses of these systems, including cases where a system has multiple network interfaces.
  3. The public IP addresses of the analyzed systems.
  4. The firewall rules present on the systems, in case you want to identify outliers.
  5. The local administrators on the systems, if you want to identify outliers.

While the topic may seem simple on the surface, it has a significant impact on understanding incidents and handling them efficiently.
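
The outlier checks in items 4 and 5 come down to stacking the collected rows across hosts and reviewing the values that appear on few systems. The following is an added example, not part of the lesson or of Velociraptor; the host names, accounts, row shape and the `max_ratio` threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample rows shaped like a per-host export of local
# Administrators group members: (hostname, member). Not real data.
ROWS = [
    ("WS-001", "CORP\\Domain Admins"), ("WS-001", "WS-001\\Administrator"),
    ("WS-002", "CORP\\Domain Admins"), ("WS-002", "WS-002\\Administrator"),
    ("WS-003", "CORP\\Domain Admins"), ("WS-003", "WS-003\\Administrator"),
    ("WS-003", "WS-003\\svc_backup"),
    ("WS-004", "CORP\\Domain Admins"), ("WS-004", "WS-004\\Administrator"),
    ("WS-004", "CORP\\j.doe"),
]


def normalize(host, member):
    """Swap the machine name of a local account for <LOCAL> so that
    WS-001\\Administrator and WS-002\\Administrator stack together."""
    domain, sep, name = member.rpartition("\\")
    if not sep:
        return name.lower()          # no domain part at all
    if domain.lower() == host.lower():
        domain = "<LOCAL>"
    return f"{domain}\\{name}".lower()


def stack_outliers(rows, max_ratio=0.25):
    """Return (value, hosts) pairs seen on at most max_ratio of all
    hosts, rarest first (least-frequency-of-occurrence stacking)."""
    hosts_by_value = defaultdict(set)
    all_hosts = set()
    for host, member in rows:
        all_hosts.add(host)
        hosts_by_value[normalize(host, member)].add(host)
    limit = max_ratio * len(all_hosts)
    rare = [(value, sorted(hosts))
            for value, hosts in hosts_by_value.items()
            if len(hosts) <= limit]
    return sorted(rare, key=lambda item: (len(item[1]), item[0]))


if __name__ == "__main__":
    for value, hosts in stack_outliers(ROWS):
        print(f"{value:30} {hosts}")
```

The same function applies to firewall rules if each row carries the host and a rule signature (for example name, direction, port and program joined into one string) in place of the group member.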

Video Link: IR & TH Series - Velociraptor EDR Asset Inventory [ARABIC]