Remote Assistance - Session Logs - Windows
Log In or Register to download the BES file, and more.

0 Votes

Versioning - This is the latest version.

1Remote Assistance - Session Logs - Windows4/22/2016 7:37:08 PM
2Remote Assistance - Session Logs - Windows2/24/2017 2:01:26 PM

Description

Pulls data from the Remote Assistance session logs in each user's documents folder.

For ALL incoming connections that are established the following is collected:

  • Full name of originating user
  • IP address of originating request
  • Date of request
  • Time of request

For incoming connections where control is granted, the following is collected:

  • Full name of originating user
  • IP address of originating request
  • Date of request
  • Time of request

For all sessions, the following is collected:

  • Full name of originating user
  • Date of session start
  • Time of session start
  • Date of session end
  • Time of session end

For general information or to report issues with C3 Remote Control content please visit GitHub here: https://github.com/strawgate/C3-Remote-Control


Property Details

ID2998525
TitleRemote Assistance - Session Logs - Windows
DomainBESC
Added by on 2/24/2017 2:01:26 PM
Last Modified by on 2/24/2017 2:01:26 PM
Counters 2018 Views / 35 Downloads
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.

Properties

Remote Assistance - Incoming Connection Established - Windows
Period 6 hours
 
  * Results in a true/false
Show indented relevance
(xpath "CONNECTION_ESTABLISHED" of it as text, xpath "INCOMING_IP_ADDRESS" of it as text, node value of attribute "DATE" of xpath "CONNECTION_ESTABLISHED" of it as string, node value of attribute "TIME" of xpath "CONNECTION_ESTABLISHED" of it as string) of xpaths "/SESSION" of xml documents whose (exists xpath "/SESSION/INVITATION_OPENED" of it) of files of folders "Remote Assistance Logs" of folders "Documents" of folders of folder (name of drive of system folder & "\Users")
Remote Assistance - Incoming Control Granted - Windows
Period 6 hours
 
  * Results in a true/false
Show indented relevance
(xpath "CONNECTION_ESTABLISHED" of it as text | "none", xpath "INCOMING_IP_ADDRESS" of it as text | "none", node value of attribute "DATE" of xpath "EXPERT_CONTROL_STARTED" of it as string | "none", node value of attribute "TIME" of xpath "EXPERT_CONTROL_STARTED" of it as string | "none") of xpaths "/SESSION" of xml documents whose (exists xpath "/SESSION/EXPERT_CONTROL_STARTED" of it and exists xpath "/SESSION/INVITATION_OPENED" of it) of files of folders "Remote Assistance Logs" of folders "Documents" of folders of folder (name of drive of system folder & "\Users")
Remote Assistance - Incoming Session Times - Windows
Period 6 hours
 
  * Results in a true/false
Show indented relevance
(xpath "CONNECTION_ESTABLISHED" of it as text | "none", attribute "DATE" of xpath "CONNECTION_ESTABLISHED" of it as text | "none", attribute "TIME" of xpath "CONNECTION_ESTABLISHED" of it as text | "none", attribute "DATE" of xpath "CONNECTION_ENDED" of it as text | "none", attribute "TIME" of xpath "CONNECTION_ENDED" of it as text | "none") of xpaths "/SESSION" of xml documents whose (exists xpath "/SESSION/INVITATION_OPENED" of it) of files of folders "Remote Assistance Logs" of folders "Documents" of folders of folder (name of drive of system folder & "\Users")

Relevance

isWindows (Relevance 1172)
Used in 1112 fixlets and 524 analyses   * Results in a true/false
Show indented relevance
windows of operating system
Used in 2 analyses   * Results in a true/false
Show indented relevance
exists (folders "Remote Assistance Logs" of folders "Documents" of folders of folder (name of drive of system folder & "\Users"))

Sharing

Social Media:
Share this page on Yammer

Comments