...
Every environment is different and we understand that. We are often questioned if Open-AudIT is pcidss compliant, can audit in a DMZ (demilitarized zone) or an air gapped network. The answer to all of these questions is yes however, it is a matter of process. This How-To is designed to help you think through this process and assist in implementing Open-AudIT into a variety of complex network environments. Follow the chart and decide which audit methods are most relevant to you and your team and see instructions below on how to accomplish these complex audits.
Auditing with a script
Open-AudIT can perform audits simply with the proper credential set of a device or subnet. In some cases there may be no internet access or it is a remote machine, etc. this is when auditing using a script can come in handy.
...
You may need to substitute the string "workgroup" or the remote computer name for REMOTE_DOMAIN above.
Flow questions for chart
Can you connect to the server from another server? Yes - Audit normally No - script?
Can your server send audit results to any machine on your network? Yes - normal No - collector server or send info to one ip
Is your machine in a DMZ? Yes - script No - normal
Is your machine on the domain? Yes - normal No - script
Is this an air gapped network? Yes - script No - normal
Is this an Active Directory discovery? Yes see link No - normal
Is this device connected to the internet? Yes - Normal, No - Script
Commands
Other Commands
This command cscript audit_windows.vbs . submit_online=n create_file=y - will run the audit on the local PC and output the results to a file (in the current directory). The "." can be used in place of the local machine name:
cscript audit_windows.vbs . submit_online=n create_file=y
| Code Block |
|---|
cscript audit_windows.vbs . submit_online=n create_file=y |
Other helpful resources
What Operating Systems will the audit scripts run on?
...