D. Customizing Power Response - Asymmetric-InfoSec/Power-Response GitHub Wiki
Many Power-Response features can be customized, and all of them are controlled through the configuration file that is included with Power-Response. The customizable features and their default values are listed below.
General Section
This section controls most Power-Response features that can be customized.
1. AdminUserName
Description: Administrative user name
Default Value: $ENV:UserName
2. AutoAnalyze
Description: Determines whether to automatically analyze data collections
Default Value: $true
3. AutoClear
Description: Determines whether to automatically clear the screen after plugin execution
Default Value: $true
4. EncryptPassword
Description: This is the password that is used on all zip archives to prevent exposing analysis systems to malware that may be recovered during data collection.
Default Value: 'infected'
5. HashAlgorithm
Description: Determines which hash algorithm to use for file and data integrity
Default Value: SHA256
6. OutputType
Description: Determines the output type for plugins
Default Value: XML, CSV
7. PromptText
Description: Controls the Power-Response console prompt
Default Value: Power-Response
8. RemoteStagingDirectory
Description: This is the directory that will be used on the remote system to stage artifacts before retrieval.
Default Value: C:\ProgramData\Power-Response\
9. ShowParametersAtStart
Description: For new analysts or analysts that change core parameters often, this parameter will determine if all parameters in this list are displayed at startup.
Default Value: $true
10. ThrottleLimit
Description: Controls the maximum number of hosts that will have concurrently established PS Sessions
Default Value: 32
Path Section
This section controls the default paths for critical Power-Response components.
Note: If the ShowParametersAtStart parameter is set to $true, these paths will be displayed at startup.
1. Bin
Description: Path to the binaries directory
Default Value: $PSScriptRoot\BIN
2. Logs
Description: Path to the logs directory
Default Value: $PSScriptRoot\Logs
3. Output
Description: Path to the output directory
Default Value: $PSScriptRoot\Output
4. Plugins
Description: Path to the plugins directory
Default Value: $PSScriptRoot\Plugins
PSSession Section
This section controls what PSSession Options are set by the framework while creating PS Remoting sessions with remote hosts. If you can set the option in PowerShell, you can add the option here to have Power-Response use it during executions.
1. NoMachineProfile
Description: Controls whether a user profile will be created for the executing user on the remote machine
Default Value: $true (no machine profile will be created)
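
The sketch below shows one way entries in a PSSession section can map onto `New-PSSessionOption` parameters, with unknown keys rejected before a session is created. It is an added example, not Power-Response's own code: the hashtable layout, the helper name `Get-ValidatedSessionOption`, and the `OperationTimeout` and `NoSuchOption` entries are assumptions made for illustration.

```powershell
# Hypothetical config fragment. Section and key names follow this page;
# the hashtable layout itself is an assumption.
$Config = @{
    General   = @{ ThrottleLimit = 32 }       # default from this page
    PSSession = @{
        NoMachineProfile = $true              # default from this page
        OperationTimeout = 180000             # constructed value, in milliseconds
        NoSuchOption     = $true              # constructed typo to exercise the check
    }
}

# Hypothetical helper: keep only keys that New-PSSessionOption accepts on this host.
function Get-ValidatedSessionOption {
    param(
        [Parameter(Mandatory)]
        [hashtable]$PSSession
    )

    # Parameter names the cmdlet really exposes (includes common parameters)
    $Allowed = (Get-Command -Name New-PSSessionOption).Parameters.Keys

    $Valid = @{}
    foreach ($Key in $PSSession.Keys) {
        if ($Allowed -contains $Key) {
            $Valid[$Key] = $PSSession[$Key]
        }
        else {
            # A misspelled option would otherwise fail at session creation time
            Write-Warning "Ignoring unknown PSSession option '$Key'"
        }
    }
    return $Valid
}

$SessionParams = Get-ValidatedSessionOption -PSSession $Config.PSSession

# Splat the validated options into the cmdlet
$Option = New-PSSessionOption @SessionParams

# Confirm what will actually be applied to remote sessions
$Option | Select-Object NoMachineProfile, OperationTimeout

# The resulting object is what New-PSSession / Invoke-Command take, e.g.:
# New-PSSession -ComputerName $Hosts -SessionOption $Option `
#     -ThrottleLimit $Config.General.ThrottleLimit
```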