Please find below a couple of guidelines for using the Microsoft PowerShell Sensor with custom scripts.

 

Custom scripts (Standard PowerShell, Exchange, SharePoint)

A custom script must be enclosed in a function definition.

E.g.

function doStuff()
{
    param($param1)

    # custom script goes here
}

The function definition must be saved in a file, e.g. dostuff.ps1.

In GL, enter dostuff in the field “Script Filename”, excluding the file extension “.ps1”.

Enter doStuff -param1 parameterValue in the field “Parameters”.

 

Restrictions:

doStuff -param1 parameterValue -server

 

The value for the parameter “server” will be set automatically from the “Targets” list for each selected target.

winrm g winrm/config


What are the current values?

winrm get winrm/config/winrs

 

Set a new maximum memory value (e.g. 1024 MB):

winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="1024"}'
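
A complete dostuff.ps1 following the rules above, as an added example rather than the vendor's own code. The function name and the -param1 and -server parameters come from this page; the service-state check, the validation patterns and the returned object are assumptions.

```powershell
# dostuff.ps1 (added example). doStuff, -param1 and -server come from the page;
# the service check, validation patterns and output object are assumptions.
function doStuff
{
    param(
        # Service name to look up. The pattern rejects quotes and wildcards,
        # so the value cannot change the WQL filter built below.
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^[A-Za-z0-9_.\-]{1,80}$')]
        [string]$param1,

        # Set by the sensor from the "Targets" list; only host-name or
        # IPv4-address characters are accepted.
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^[A-Za-z0-9.\-]{1,253}$')]
        [string]$server
    )

    $result = [ordered]@{ Server = $server; Service = $param1; State = $null; StartMode = $null; Error = $null }
    try {
        # Get-CimInstance talks to the target over WinRM (WS-Management)
        $svc = Get-CimInstance -ClassName Win32_Service -ComputerName $server `
                   -Filter "Name='$param1'" -ErrorAction Stop
        if ($svc) {
            $result.State     = $svc.State
            $result.StartMode = $svc.StartMode
        }
        else {
            $result.State = 'NotFound'
        }
    }
    catch {
        # Report the failure as data instead of letting the call throw
        $result.State = 'QueryFailed'
        $result.Error = $_.Exception.Message
    }
    [pscustomobject]$result
}
```

With this file, the “Parameters” field would read doStuff -param1 Spooler (Spooler being a sample value), and -server is supplied for each selected target.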

 

 


Cmdlet (Standard PowerShell, Exchange, SharePoint)

Each argument or flag starts with “-”.

Each piped cmdlet must start with “|”.

Each argument, flag or piped cmdlet must be on a new line. E.g.

-startDate 12/10/2014

 


Office365

Presently only cmdlets can be executed. The cmdlets must exist in the files o365_exchange_ps_commands.txt and o365_sec_and_compliance_ps_commands.txt. The following cmdlet types can be executed: