→ 🚀What's New? Join Us for the Fall Product Launch! Register Now !
12-22-2023 05:37 AM - edited 12-22-2023 06:38 AM
I have created report to check processes with hacker's or admin's tools
Select Distinct Top 1000000 tblAssets.AssetID,
tblAssets.AssetUnique,
tblAssets.Domain,
tblAssets.Username,
tblADusers.Displayname,
tblADusers.Department,
tblADusers.Title,
tblADusers.Company,
tblProcesses.ExecutablePath,
tblProcesses.Caption,
tblProcesses.Lastchanged
From tblAssets
Inner Join tblProcesses On tblAssets.AssetID = tblProcesses.AssetID And
Lower(tblProcesses.Caption) In ('adexplorer.exe', 'psexec',
'tasklist.exe', 'hostname.exe', 'systeminfo.exe', 'ver.exe',
'ipconfig.exe', 'netstat.exe', 'ping.exe', 'nslookup.exe', 'nltest.exe',
'net.exe', 'net1.exe', 'reg.exe', 'schtasks.exe', 'at.exe', 'query.exe',
'wscript.exe', 'cscript.exe', 'qwinsta.exe', 'quser.exe', 'netsh.exe',
'wmic.exe', 'mshta.exe', 'curl.exe', 'certutil.exe', 'sc.exe',
'powershell.exe', 'procdump.exe', 'ngrok.exe')
Left Join tblADusers On tblADusers.Username = tblAssets.Username And
tblADusers.Userdomain = tblAssets.Domain
Order By tblAssets.AssetID
It can help detect some types of attacks.
01-05-2024 09:59 PM
Under scanning go to scanned items wait time and enable process scanning. Beware that this can cause your database to grow in size.
01-05-2024 07:13 PM
Interesting. Any requirements to setup for the report?
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now