D. Customizing Power Response - Asymmetric-InfoSec/Power-Response Wiki

Many Power-Response features can be customized, and all of them are controlled through the configuration file included with Power-Response. The customizable features and their default values are listed below.

General Section

This section controls most Power-Response features that can be customized.

1. AdminUserName

Description: Administrative user name

Default Value: $ENV:UserName

2. AutoAnalyze

Description: Determines whether to automatically analyze data collections

Default Value: $true

3. AutoClear

Description: Determines whether to automatically clear the screen after plugin execution

Default Value: $true

4. EncryptPassword

Description: Password applied to all zip archives, so that malware recovered during data collection is not exposed to analysis systems.

Default Value: 'infected'

5. HashAlgorithm

Description: Determines which hash algorithm to use for file and data integrity

Default Value: SHA256

6. OutputType

Description: Determines the output type for plugins

Default Value: XML, CSV

7. PromptText

Description: Controls the Power-Response console prompt

Default Value: Power-Response

8. RemoteStagingDirectory

Description: This is the directory that will be used on the remote system to stage artifacts before retrieval.

Default Value: C:\ProgramData\Power-Response\

9. ShowParametersAtStart

Description: Determines whether all parameters in this list are displayed at startup. Useful for new analysts or analysts who change core parameters often.

Default Value: $true

10. ThrottleLimit

Description: Controls the maximum number of hosts that can have concurrently established PSSessions

Default Value: 32

Path Section

This section controls the default paths for critical Power-Response components.

Note: If the ShowParametersAtStart parameter is set to $true, these paths will be displayed at startup.

1. Bin

Description: Path to the binaries directory

Default Value: $PSScriptRoot\BIN

2. Logs

Description: Path to the logs directory

Default Value: $PSScriptRoot\Logs

3. Output

Description: Path to the output directory

Default Value: $PSScriptRoot\Output

4. Plugins

Description: Path to the plugins directory

Default Value: $PSScriptRoot\Plugins

PSSession Section

This section controls which PSSession options the framework sets when creating PowerShell remoting sessions with remote hosts. Any option you can set in PowerShell can be added here, and Power-Response will use it during execution.

1. NoMachineProfile

Description: Controls whether a user profile will be created for the executing user on the remote machine

Default Value: $true (no machine profile will be created)
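
How entries in a PSSession section can map onto PowerShell's own session options, shown as an added example that is not Power-Response's code. The hashtable layout, the function name ConvertTo-SessionOption, the two timeout entries and the host names are assumptions; New-PSSessionOption, New-PSSession and their parameters are standard PowerShell.

```powershell
# Constructed sample: a PSSession section expressed as a hashtable.
# The layout is an assumption; only NoMachineProfile comes from this page.
$PSSessionConfig = @{
    NoMachineProfile = $true     # default listed above
    OpenTimeout      = 30000     # milliseconds, added for illustration
    IdleTimeout      = 600000    # milliseconds, added for illustration
}

# Hypothetical helper: turns the section into a PSSessionOption object.
function ConvertTo-SessionOption {
    param(
        [Parameter(Mandatory)]
        [hashtable]$Section
    )

    # Accept only keys that New-PSSessionOption actually exposes as
    # parameters, so a typo in the configuration fails early with a clear
    # message instead of a parameter-binding error at connection time.
    $valid   = (Get-Command -Name New-PSSessionOption).Parameters.Keys
    $unknown = @($Section.Keys | Where-Object { $_ -notin $valid })
    if ($unknown.Count -gt 0) {
        throw "Unsupported PSSession option(s): $($unknown -join ', ')"
    }

    # Splatting: every key in the hashtable becomes a named parameter.
    New-PSSessionOption @Section
}

$option = ConvertTo-SessionOption -Section $PSSessionConfig

# Inspect the resulting object; no network connection is made here.
$option | Select-Object NoMachineProfile, OpenTimeout, IdleTimeout

# Using the option together with the ThrottleLimit setting from the
# General section. Host names are placeholders, so the call is left
# commented out.
# $sessions = New-PSSession -ComputerName 'HOST-A', 'HOST-B' `
#     -SessionOption $option -ThrottleLimit 32
```

With NoMachineProfile set to $true, the session is created without loading the connecting user's Windows profile on the remote host.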