Josh Frantz jfrantz1-r7

  • Rapid7
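# Download and start the Rapid7 agent installer on 64-bit Linux.
# The script is executed as root below: review it first, and compare it with a
# vendor-published checksum if one is available.
wget https://s3.amazonaws.com/com.rapid7.razor.public/endpoint/agent/latest/linux/x86_64/agent_control_latest.sh
chmod u+x agent_control_latest.sh
# Run the same file that was downloaded and made executable above.
# The token placeholder is quoted so it reaches the installer as one argument.
# The token is a secret: passed on the command line it is visible in the
# process list while the command runs and may be kept in shell history.
sudo ./agent_control_latest.sh install_start --token='YOUR TOKEN HERE'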
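# Download the Rapid7 agent MSI into the current directory and install it silently.
$path = Get-Location
# Placeholder. The token is a secret: do not commit or share a filled-in copy of this script.
$token = "your-token-here"
$msi = "$path\agent_installer.msi"
(New-Object System.Net.WebClient).DownloadFile("https://s3.amazonaws.com/com.rapid7.razor.public/endpoint/agent/latest/windows/x86_64/PyForensicsAgent-x64.msi", $msi)

# The package is installed silently, so refuse to run it unless its
# Authenticode signature validates on this machine.
$signature = Get-AuthenticodeSignature -FilePath $msi
if ($signature.Status -ne 'Valid') {
    throw "Refusing to install ${msi}: Authenticode signature status is $($signature.Status)"
}
# NOTE(review): also confirm that $signature.SignerCertificate.Subject names the expected publisher.

# /L*v writes a verbose log. Verbose MSI logs usually record public property
# values, so installer.log may contain CUSTOMTOKEN; restrict access to it or
# remove it once the install has been checked.
msiexec.exe /i agent_installer.msi CUSTOMCONFIGPATH=$path CUSTOMTOKEN=$token /qn /norestart /L*v installer.log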
# Report every Active Directory user whose password is set to never expire.
# Enabled is exported alongside Name so disabled accounts can be told apart
# from accounts that can still log on.
Import-Module ActiveDirectory
Get-ADUser -Filter * -Properties Name, PasswordNeverExpires |
    Where-Object { $_.PasswordNeverExpires -eq $true } |
    Select-Object -Property Name, Enabled |
    Export-Csv -Path c:\reports\non-expiring-users.csv -NoTypeInformation
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AWSCloudTrailAclCheck20150319",
"Effect": "Allow",
"Principal": {
"Service": "cloudtrail.amazonaws.com"
},
"Action": "s3:GetBucketAcl",
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:Get*",
"s3:List*"
],
"Resource": [
-- List each asset that has software whose name contains the given text,
-- with the asset's IP address and host name and the software's vendor,
-- family and version.
-- Replace SOFTWARE-HERE with the product name to search for.
SELECT
    asset.ip_address,
    asset.host_name,
    sw.vendor,
    sw.name AS software_name,
    sw.family,
    sw.version
FROM dim_asset_software AS installed
JOIN dim_asset AS asset
    ON asset.asset_id = installed.asset_id
JOIN dim_software AS sw
    ON sw.software_id = installed.software_id
WHERE sw.name LIKE '%SOFTWARE-HERE%'
#! /bin/bash
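# Fetch the InsightVM installer. It is executed further down in this script, so
# it is pulled over HTTPS rather than plain HTTP, and the script stops if the
# download fails instead of running a partial or stale file.
# NOTE(review): /tmp is world-writable and this file name is predictable; verify
# the download against a vendor-published checksum, if available, before it runs.
curl --fail -o /tmp/Rapid7Setup-Linux64.bin https://download2.rapid7.com/download/InsightVM/Rapid7Setup-Linux64.bin || exit 1
# POST to the console's scan_engines/shared_secret endpoint and keep the reply.
# The placeholders are quoted so '<' and '>' are not parsed as redirections,
# and the headers use --header (curl has no --H option).
# The Basic credential is passed on the command line, where it is visible in the
# process list while curl runs; keep a filled-in copy of this script private.
response=$(curl --request POST \
  --url 'https://<ip of console>:<port>/api/3/scan_engines/shared_secret' \
  --header 'authorization: Basic <credential here>' \
  --header 'Content-Type:application/json')
console="<ip of console here>"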
/tmp/Rapid7Setup-Linux64.bin -q -overwrite -Vfirstname='<replace me>' -Vlastname='<replace me>' \
-Vcompany='<replace me>' -Vusername='<replace me>' -Vpassword1='<replace me>' -Vpassword2='<replace me>' \
-Vsys.component.typical\$Boolean=false -Vsys.component.engine\$Boolean=true \
-- Assets whose last scan finished outside the past 30 days, with host name and
-- IP address.
-- Rows where scan_finished is NULL do not satisfy NOT BETWEEN, so if that column
-- can be NULL for never-scanned assets they are not listed here; the inner joins
-- also leave out assets without a host-name or IP-address row.
SELECT
    fa.scan_finished AS "Last Scan Date",
    hn.host_name     AS "Asset Host Name",
    ip.ip_address    AS "Asset IP Address"
FROM fact_asset AS fa
INNER JOIN dim_asset_host_name AS hn
    ON hn.asset_id = fa.asset_id
INNER JOIN dim_asset_ip_address AS ip
    ON ip.asset_id = hn.asset_id
WHERE fa.scan_finished NOT BETWEEN now()::timestamp - interval '30d'
                               AND now()::timestamp;
SELECT dsite."name" AS "Site",
da.ip_address,
da.host_name,
dos.description AS "OS",
os.certainty_max
FROM fact_asset AS fa
JOIN dim_asset da
ON da.asset_id = fa.asset_id
JOIN (SELECT asset_id,
Max(certainty) AS certainty_max
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ssm:DescribeAssociation",
"ssm:GetDeployablePatchSnapshotForInstance",
"ssm:GetDocument",
"ssm:DescribeDocument",