This module will count active filehandles in Windows. Can be modified to count specific kind of handles, or handles for a given process. NOTE: you need to download “handle” from sysinternals.com NOTE: The first execution (on the agent) will require...
This module searchs the event that informs that the account has been enabled. Module data module_begin module_name Account enabled module_type async_string module_logevent module_source Security module_eventcode 4722 module_description Account enabled ...
This module searchs the event that informs that the password has been changed. Module data module_begin module_name Password change module_type async_string module_logevent module_source Security module_eventcode 4723 module_description Password change ...
This module searchs the event that informs that the password has been reseted. Module data module_begin module_name Password reset module_type async_string module_logevent module_source Security module_eventcode 4724 module_description Password reset ...
