Tachyon Core Instructions

A collection of all available out of the box instructions that ship with Tachyon. Useful as a reference or learning tool.

Scenario

This Product Pack contains all of the out of the box instructions that ship with Tachyon. It also acts as a useful reference of available instructions for learning purposes.

Product Pack Notes

Activate Bitlocker encryption on all fixed drives with hardwareTestPreference Activates Bitlocker on all fixed drives, either performing or skipping the hardware check. Windows only.

Add action action Windows firewall rule to IP address ipaddress Add specified action firewall rule to specified IP address. Windows only.

Back up Bitlocker enabled drive keys Backs up Bitlocker keys for enabled drives to Active Directory. Uses a PowerShell script. Windows only.

Change default IPv4 gateway of adapters from expectedGateway to requestedGateway Modifies the default IPv4 gateway of a device’s adapters from one to another. This will take effect only if current gateway matches expected value. Uses PowerShell script. Windows only.

Change service servicename and its dependencies to state state Starts or stops a service and any services which are dependent on it

Check whether coverage tag tagname exists Checks whether a specific coverage tag exists

Check whether coverage tag tagname has value of tagvalue Checks whether a coverage tag has a specified value

Check whether freeform tag tagname exists Checks whether a specific freeform tag exists

Check whether freeform tag tagname has the value of tagvalue Checks whether a freeform tag has a specified value

Create an empty coverage tag named tagname Creates a coverage tag with an empty value. If this tag already exists, its value will be removed.

Create empty freeform tag named tagname Creates a freeform tag with an empty value. If this tag already exists, its value will be removed.

Delete action action Windows firewall rule assigned to IP address ipaddress Deletes specified action firewall rule assigned to specified IP address. Windows only.

Delete a value under subkey for every user in the HKEY_USERS hive Delete an entry for each user in the HKEY_USERS hive. Windows only.

Delete a local account named accountToDelete Deletes specified local account. That account should not have any machine prefix attached. This will return the exit code from the deletion.

Delete all coverage tags Deletes all coverage tags. This is a high impact instruction and should be used with care.

Delete all freeform tags Deletes all freeform tags. This is a high impact instruction and should be used with care.

Delete coverage tag named tagname Deletes specified coverage tag

Delete file named filename Deletes a file with specified path

Delete freeform tag named tagname Deletes specified freeform tag

Delete key subkey for every user in the HKEY_USERS hive Delete a key for each user in the HKEY_USERS hive. Windows only.

Delete registry entry hive subkey name Deletes the registry entry. Windows only.

Delete registry key hive subkey recursively Delete an entire registry key. Windows only.

Flush DNS Flushes DNS cache on the machine

Get all coverage tags Returns all coverage tag values

Get all freeform tags Returns all freeform tag values

Get coverage tag tagname Returns value of a specific coverage tag

Get freeform tag tagname Returns value of a specific freeform tag

How are device network adapters configured? Details of network adapter configuration. Windows only.

How many coverage tags are there? Returns the number of coverage tags

How many freeform tags are there? Returns the number of freeform tags

How many local groups is accountName a member of? The number of local groups each matching account is a member of. Windows only.

How many of each operating system versions are installed? Return a count of all distinct Operating Systems, Version and Virtual platform for each Tachyon-connected device

How much memory is installed? Memory details for each installed DIMM

Kill process processId Terminates a single process

Kill process(es) exename Terminate all instances of a specified executable

Log off user. Logs off specified user from all specified machines. The account should not contain a prefix. The user will be forcibly logged off – unsaved work or documents will be lost. Windows only.

Ping targetmachine using ipversion Ping a specific IP address

Refresh the Windows CRL cache. Refreshes the CRL cache by setting the ChainCacheResyncFiletime. This means that Windows will attempt to retrieve a CRL the next time it is called upon for verification.

Remove all copies of all certificates with a thumbprint of thumbprint from the folder of the local machine store. Removes all copies of all certificates with the specified thumbprint from the specified local machine store folder. Uses a PowerShell script. Windows only.

Remove application appname published by publisher Removes all versions of the specified application published by specified publisher, if it is present.

Remove version version of application appname published by publisher Removes specified version of the application published by specified publisher, if it is present.

Rename a Windows local account from currentUser to desiredUser. Renames a Windows local account from %currentUser% to %desiredUser%. Neither account should contain a prefix. Uses PowerShell script.

Renew local machine certificates in folder issued by issuer, and requestNewKeys. Renews all certificates by the specified issuer in the specified local machine store. Uses PowerShell script. Windows only.

Request a machine certificate Requests a machine certificate from a trusted issuing certificate authority and stores it in the machine’s personal store. Windows only.

Set name as valuetype to value under subkey for every user in the HKEY_USERS hive Set a registry entry for each user in the HKEY_USERS hive. Windows only.

Set coverage tag tagname to tagvalue Sets a value for a coverage tag on devices. This tag can be used to narrow down target devices for instructions.

Set freeform tag tagname to tagvalue Sets a value for a freeform tag on devices. This tag and value combination can be arbitrary. This tag cannot be used to narrow down target devices for instructions.

Set PowerShell execution policy to executionPolicy Sets the PowerShell execution policy on devices. The new execution policy will be returned after being set.

Set registry entry hive subkey name to valuetype value Set the value for given Registry entry. Windows only.

Set service servicename startup type to startuptype and state to state Changes the startup type and the state of an operating system service

What are all the values under a registry subkey for each user in the HKEY_USERS hive? Get all the values under a subkey for each user in the HKEY_USERS hive. Windows only.

What are all the values under the registry key hive subkey? Get all values for a Registry key. Windows only.

What are the default IPv4 gateways on my devices’ adapters, includingDisabled? Lists name and default IPv4 gateway for each adapter on the device. Disabled adapters can be included or excluded. Uses a PowerShell script. Windows only.

What are the network listening processes and ports? Gets network listening processes and ports.

What audio devices are installed? Returns details of audio devices

What BIOS firmware is installed? Returns details of BIOS firmware

What certificates are in folder in the local machine store on the device? Returns all certificates in a specified folder in the local machine store.

What certificates have a field that matches searchTerm in the local machine store on the device? Returns all certificates whose %field% matches %searchTerm% in the local machine store. This will wildcard search all folders within the local machine store. Uses a PowerShell script. Windows only.

What device drivers are installed? Returns details of device drivers

What does the WMI query query on namespace return? Executes a WMI query and returns the result. The query execution will be successful only if the WMI namespace and class exist. Windows only.

What files are in folder, including subfolders? Retrieve the files in a specified folder and all subfolders. Windows only.

What files are in folder? Retrieve the files in a specified folder. Windows only.

What is the content of filename? Retrieve the content of files matching the given search pattern

What is the current Powershell execution policy? Returns the Powershell execution policy on the device.

What is the nslookup for address? Performs an nslookup on %address%. This will return the output as a string.

What is the value of value under subkey for each user in the HKEY_USERS hive? Get a registry value for each user in the HKEY_USERS hive. Windows only.

What is the value of the registry entry hive subkey name? Get the value for a Registry entry. Windows only.

What memory chips are installed? Details of RAM chips. Windows only.

What on-board cache memory is available? Returns details of processor’s cache memory

What optical drives are installed? Returns details of all optical drives

What processes are running? Get all running processes

What processor types are being used? Gets processor types being used by devices. Windows only.

What services are running? Retrieves all the running services. Windows only.

What software is installed? Returns all installed software

What video adapters are installed? Returns details of video graphic adapters

Which certificates in the device’s local machine store are expired? Returns all expired certificates in the local machine store.

Which certificates in the device’s local machine store are expiring in numberOfDays days? Returns all certificates in the local machine store that are expiring in a specified number of days

Which certificates in the device’s local machine store are not yet live? Returns all certificates that are not yet live in the local machine store.

Which certificates in the device’s local machine store have a lifetime overOrUnder numberOfDays days? Returns all certificates with a specific lifetime in the local machine store.

Which devices are domainName\accountName logged in on? All devices on which the given user is currently logged in. Windows only.

Which devices are currently running ProcessName as local admin? All devices that currently have the specified process running with local administrator privileges

Which devices are listening on port port? Gets devices listening on a specific network port. It also includes information about the listening process.

Which devices are running executable? Shows machines running specified executable. Windows only.

Which devices currently have active network connections to ipAddress? Gets all devices that currently have open TCP connections to the specified IP address. It includes information about processes and ports.

Which devices has action action Windows firewall rule assigned to IP address ipaddress? Gets devices with specified action firewall rule assigned to specified IP address

Which devices have a file named filename on a fixed disk? Finds a file by name

Which devices have a file of filesize bytes with a SHA256 hash of hash on a fixed disk? Finds a file by size and SHA256 hash

Which devices have the registry entry hive subkey name? Determine whether given Registry entry exists. Windows only.

Which devices have the registry key hive subkey? Determine whether a given Registry key exists. Windows only.

Which devices respond to a check for a simple IoC that evaluates the indicators: IP_Address Ports FileSpec Domain IP_Range URL, gathered since Search_Period_days days ago? Check a simple Indicator of Compromise

Which drives have Bitlocker enabled? Returns drives with Bitlocker enabled

Which fixed drives don’t have Bitlocker enabled? Returns fixed drives which don’t have Bitlocker enabled

Which hard drives are installed? Details of physical disk drives. Windows only.

Which Hyper-V virtual machines are deployed? Details of virtualized Hyper-V guests. Windows only.

Which IP addresses are assigned to devices? IP addresses assigned to devices. Windows only.

Which lines of filename match the pattern pattern? Retrieves the lines of files matching the given search pattern

Which logical drives are available? Details of logical drives, including network drives. Windows only.

Which network adapters are installed? Details of network adapters. Windows only.

Which plug-and-play devices are installed? Details of plug and play devices. Windows only.

Which printers are installed? Display details of installed printers. Windows only.

Which processors are installed? Details of processors installed. Windows only.

Which removable drives are installed? Details of removable drives. Windows only.

Which unsigned device drivers are installed? Gets device drivers which are not digitally signed. Windows only.

Which USB devices are installed? Gets details of installed USB devices. Windows only.

Which users are currently logged into devices? Shows a list of all users logged into devices, including interactive and remote desktop sessions

Which users in the HKEY_USERS hive have subkey? Determine whether a registry key exists for each user in the HKEY_USERS hive. Windows only.

Which users in the HKEY_USERS hive have a value under subkey? Determine whether a registry entry exists for each user in the HKEY_USERS hive. Windows only.

Which versions of appname are installed? Returns count of all distinct versions of the specified product. Note the value entered does not need to be complete e.g. enter chrome and all products containing chrome will be returned.

Which versions of publisher appname are installed? Returns count of all distinct versions of the specified publisher and product. Note the values entered do not need to be complete e.g. enter Micro and all publishers containing Micro will be returned.

Which Windows hotfixes are installed? Returns a list of installed Windows hotfixes

Which Windows services are disabled? Shows count of disabled Windows services

Which Windows updates are pending a reboot? Gets Windows updates with a count of each device that is pending a reboot for this update to take effect. Windows only.

Details

Author

1E Product Pack Creator

Downloads

49
