Operating System
  • 07 Feb 2024
  This documentation version is deprecated, please click here for the latest version.

os_autoruns

List pieces of code executing at startup, similar to SysInternals autoruns.

Platforms:

usage: os_autoruns [-h]

os_drivers

List all drivers on Windows.

Platforms:

usage: os_drivers [-h]

os_kill_process

Kill a process running on the endpoint.

Platforms:

usage: os_kill_process [-h] [-p PID] [-a PROCESSATOM]

optional arguments:
  -p PID, --pid PID     pid of the process to kill
  -a PROCESSATOM, --processatom PROCESSATOM
                        the atom of the target process

os_packages

List installed software packages.

Platforms:

usage: os_packages [-h]

os_processes

List all running processes on the endpoint.

For a faster response time, we recommend running os_processes --is-no-modules.

Platforms:

usage: os_processes [-h] [-p PID] [--is-no-modules]

optional arguments:
  -p PID, --pid PID  only get information on process id
  --is-no-modules    do not report modules in processes

os_resume

Resume execution of a process on the endpoint.

Platforms:

usage: os_resume [-h] [-p PID] [-a PROCESSATOM] [-t TID]

optional arguments:
  -p PID, --pid PID     process id
  -a PROCESSATOM, --processatom PROCESSATOM
                        the atom of the target process
  -t TID, --tid TID     thread id

os_services

List all services (Windows, launchctl on macOS and initd on Linux).

Platforms:

usage: os_services [-h]

os_suspend

Suspend a process running on the endpoint.

Platforms:

usage: os_suspend [-h] [-p PID] [-a PROCESSATOM] [-t TID]

optional arguments:
  -p PID, --pid PID     process id
  -a PROCESSATOM, --processatom PROCESSATOM
                        the atom of the target process
  -t TID, --tid TID     thread id

os_users

List system users.

Platforms:

usage: os_users [-h]

os_version

Get detailed OS information on the endpoint.

Platforms:

usage: os_version [-h]
