Scanning the Host for malware

Hi Guys,

I'm trying to scan a host using a response action.

It looks like you can only scan a specific folder or directory rather than the entire host, like the C drive.

Is it possible to scan the entire host?

Also, where do you check the results of the scan after it completes?

Hi Charles,

Thanks for reaching out. I presume you're trying the scan command via Responder? If yes, then it is indeed possible to scan the entire C drive. You should be able to enter a scan action like so: scan --path "C:\", and that should work. See screenshot.

Response console scan

A scan action result is going to generate an alert if a malicious file is found and you should see that alert on the Alerts page (/app/security/alerts). An alert is not generated otherwise. See the screenshot for such an alert.

Alert from scan

You can see the results of action requests, including the scan action, on the Response console and on the Host's Details flyout for the host. Hosts are listed on the Endpoint list page (app/security/administration/endpoints). You can also see the action's result on the Response Actions History page (app/security/administration/response_actions_history) by expanding the action item. See screenshots.

Response console history

Host details flyout

Response actions history page

Hope this helps, but please do reach out again if you need help.