J. Importing Parameter Objects using Import Items - Asymmetric-InfoSec/Power-Response GitHub Wiki

Import-Items (formerly Import-Computers) is a plugin that allows analysts to ingest parameter values from a CSV for use in plugins. ComputerNames, Paths, etc. can all be ingested into Power-Response using this plugin. There are two ways to use this plugin: basic and advanced.

The Basic Method

The basic way leverages pre-existing templates for ingestion and allows Import-Items to run using its default process. The ingestion templates are located in the Extras directory in the root of the Power-Response repository. To ingest parameter values this way, follow these steps:

  1. Add data to the template that makes the most sense (this can be any template for importing computers, scoping information, eradication information, etc.)

  2. Enter the Import-Items plugin

  3. Set the Path parameter to the file path of your CSV containing parameter data

  4. Set the Key parameter to the parameter that you are importing for (Ex: set to ComputerName if importing computers, or Path if importing paths)

  5. Execute the run command and parameter data ingestion will be completed

The Advanced Method

The Import-Items plugin allows for flexibility in the column headers that are used and the parameters they are ingested for. This allows an analyst to take output from one tool with arbitrary header names and ingest it into Power-Response using the Import-Items plugin. The Import-Items plugin has the following parameters:

Path: This will be the path where you have your CSV file stored

Key: This will be the column header that you are targeting for ingestion

ParameterName: This will be the parameter that you are ingesting data for (Ex: ComputerName, Path, etc.)

To import parameter data using arbitrary column headers, follow these steps:

  1. Set the Path parameter to be the file path to your stored CSV

  2. Set the Key parameter to the column header that you will be importing data from (Ex: CmpterName)

  3. Set the `ParameterName` parameter to the parameter that you will be ingesting data for (Ex: ComputerName)

Note: If you do not specify a value for this parameter, it is set to use $Key as the default value. If this value does not exist as a Power-Response parameter, you will not ingest the data properly.

  4. Execute the plugin and your parameter data will be ingested
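
A pre-flight check you can run in plain PowerShell before pointing Import-Items at a CSV from another tool. This is an added example, not part of Power-Response: `Test-ImportCsv`, the temp file name and the sample rows are hypothetical and constructed for illustration.

```powershell
# Added example: validate a CSV before handing it to Import-Items.
# Test-ImportCsv is a hypothetical helper, not a Power-Response command.
function Test-ImportCsv {
    param(
        [Parameter(Mandatory)] [string]$Path,   # CSV file to be ingested
        [Parameter(Mandatory)] [string]$Key,    # column header to read from
        [string]$ParameterName = $Key           # same default the Note describes
    )

    $rows = @(Import-Csv -LiteralPath $Path)
    if ($rows.Count -eq 0) { throw "No data rows in '$Path'." }

    # Header names are the property names of the first parsed row.
    $headers = $rows[0].PSObject.Properties.Name
    if ($headers -notcontains $Key) {
        throw "Column '$Key' not found. Headers present: $($headers -join ', ')"
    }

    # Trim whitespace that exports from other tools often leave behind,
    # then count blanks and collapse duplicates.
    $values = $rows | ForEach-Object { "$($_.$Key)".Trim() }
    $blank  = @($values | Where-Object { $_ -eq '' }).Count
    $unique = @($values | Where-Object { $_ -ne '' } | Sort-Object -Unique)

    # Whether ParameterName is a valid Power-Response parameter cannot be
    # checked here; it is echoed back so the analyst can confirm the mapping.
    [pscustomobject]@{
        Key           = $Key
        ParameterName = $ParameterName
        Rows          = $rows.Count
        BlankValues   = $blank
        UniqueValues  = $unique
    }
}

# Constructed sample: another tool's output using the header 'CmpterName'.
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'import-items-sample.csv'
@'
CmpterName,LastSeen
WKSTN-001,2024-01-05
 WKSTN-002 ,2024-01-05
,2024-01-06
WKSTN-001,2024-01-07
'@ | Set-Content -LiteralPath $sample

Test-ImportCsv -Path $sample -Key 'CmpterName' -ParameterName 'ComputerName'
```

A missing or misspelled header fails here with the list of headers actually present, which is easier to diagnose than data that silently fails to ingest.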