fleet/schema/tables/windows_firewall_rules.yml
Josh Brower 1f87644a23
Initial cut of Win tables schema (#8351)
* Initial cut of Win tables schema

* Add context

* Formatting fixes

* Add bitlocker_info

* Remove temp stuff

* Remove temp stuff redux

* Apply suggestions from code review

Co-authored-by: Guillaume Ross <guillaume@binaryfactory.ca>

* Update bitlocker_info.yml

* Edited for clarity

Co-authored-by: Guillaume Ross <guillaume@binaryfactory.ca>
2022-10-21 11:21:08 -04:00

12 lines
630 B
YAML

name: windows_firewall_rules
examples: >-
  Controlling inbound access to remote services is essential for maintaining security on a system. This query lists all enabled Windows Firewall rules that allow inbound RDP, WinRM, and VNC connections on the public firewall profile.

  ```

  SELECT name, app_name, local_ports FROM windows_firewall_rules WHERE enabled = 1 AND direction = 'In' AND remote_addresses = '*' AND profile_public = 1 AND action = 'Allow' AND local_ports IN ('3389', '5985', '5986', '5900');

  ```
notes: >-
  * A rule can exist, but it has to be part of the currently enabled firewall profile to be enforced.
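
The `local_ports IN (...)` filter in the query above is an exact string match, so a rule whose port field holds a list or a range is not returned, and the note above means a match only matters on a profile that is in force. The following is an added example, not part of the Fleet schema file: it post-processes exported `windows_firewall_rules` rows to cover both points. It assumes rows arrive as osquery JSON with string values, that `local_ports` may hold comma-separated lists, ranges, or keywords, and that the caller supplies the active profile names; the sample rows are constructed.

```python
WATCHED_PORTS = {3389, 5985, 5986, 5900}  # the ports listed in the query above

def parse_ports(spec):
    """Expand '3389', '5985,5986' or '5900-5905' into a set of ints.
    Non-numeric entries (assumed keywords such as 'RPC') are skipped."""
    ports = set()
    for part in spec.split(","):
        lo, sep, hi = part.strip().partition("-")
        if lo.isdigit() and (not sep or hi.isdigit()):
            start = int(lo)
            end = int(hi) if sep else start
            ports.update(range(start, end + 1))
    return ports

def exposed_rules(rows, active_profiles):
    """Return (name, watched ports) for enabled inbound allow rules open to any
    remote address that belong to at least one profile in active_profiles.
    active_profiles uses the column suffixes: 'domains', 'private', 'public'."""
    hits = []
    for r in rows:
        if (r["enabled"], r["direction"], r["action"]) != ("1", "In", "Allow"):
            continue
        if r["remote_addresses"] != "*":
            continue
        if not any(r.get("profile_" + p) == "1" for p in active_profiles):
            continue
        ports = parse_ports(r["local_ports"]) & WATCHED_PORTS
        if ports:
            hits.append((r["name"], sorted(ports)))
    return hits

def _row(name, ports, profile="public", enabled="1"):
    """Build one constructed sample row shaped like osquery JSON output."""
    row = {"name": name, "enabled": enabled, "direction": "In",
           "action": "Allow", "remote_addresses": "*", "local_ports": ports,
           "profile_domains": "0", "profile_private": "0", "profile_public": "0"}
    row["profile_" + profile] = "1"
    return row

# Constructed sample data, not taken from a real host.
SAMPLE_ROWS = [
    _row("RDP single port", "3389"),
    _row("WinRM port list", "5985,5986"),          # missed by the exact-match IN filter
    _row("VNC port range", "5900-5905", profile="private"),
    _row("RDP disabled rule", "3389", enabled="0"),
    _row("RPC keyword rule", "RPC"),
]

if __name__ == "__main__":
    for name, ports in exposed_rules(SAMPLE_ROWS, {"public"}):
        print(name, ports)
```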