Windows assets can be discovered using twigs Powershell script (twigs.ps1). Twigs Powershell script for windows discovery is digitally signed for security reasons. You can discover local or remote Windows hosts using Twigs Powershell script.
Follow the steps below to perform discovery of Windows assets using twigs Powershell script:
Logon to the Windows machine for discovery
Download twigs PowerShell script from here
Install signing certificate for the Powershell script
Right click the Powershell script in Windows explorer and select Properties
In the Properties window, click on “Digital Signatures” tab
In the “Signature List” table, select row for “ThreatWorx”
Click on “Details” and then “View Certificate”
Click on “Install Certificate…” to install the certificate for “Local Machine” in “Trusted Root Certificate Authorities” and “Trusted Publishers” store.
Note you will need API token key to perform discovery.
Please ensure that ExecutionPolicy allows running Powershell scripts. To view current execution policy, please run ‘Get-ExecutionPolicy’. Refer to note below for details on how to change it.
The typical command parameters to twigs Powershell script are as below