mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-16 16:03:17 +03:00
c21af3347e
- Add scripts/agent.py and references/api-reference.md to all remaining skills - Update all 648 LICENSE files: copyright now reads 'Mahipal' - Add implementing-security-monitoring-with-datadog (new skill with full anatomy) - All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
29 lines
1.1 KiB
Markdown
# API Reference — Performing Endpoint Forensics Investigation
## Libraries Used

- **subprocess**: Execute Windows built-in forensic commands (`wmic`, `netstat`, `reg`, `schtasks`) with a fixed argument list rather than `shell=True`. Note that WMIC is deprecated and is no longer installed by default on recent Windows 11 releases; where it is missing, the same process data is available through PowerShell's `Get-CimInstance Win32_Process`.
- **hashlib**: Calculate MD5, SHA1 and SHA256 hashes for evidence integrity. SHA256 is the value to rely on; MD5 and SHA1 are collision-broken and are retained only for matching against legacy threat-intel feeds.
- **csv**: Parse `wmic ... /format:csv` output. Free-form columns such as `CommandLine` may themselves contain commas, so parse them defensively rather than trusting a naive column split.

## CLI Interface
```
python agent.py triage                  # Full forensic triage
python agent.py processes               # Running processes with PIDs and command lines
python agent.py network                 # Active network connections
python agent.py autoruns                # Persistence entries
python agent.py hash --file <filepath>  # Hash file for evidence
```
## Core Functions

### `full_triage()` — Runs all collection functions

### `collect_system_info()` — Hostname, OS version, network config, uptime

### `collect_running_processes()` — Process list via `wmic process get`

### `collect_network_connections()` — Active connections via `netstat -ano`

### `collect_autoruns()` — Registry Run keys and scheduled tasks

### `hash_file(filepath)` — MD5/SHA1/SHA256 hash calculation
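The collectors above hand raw command output to parsers and the hash function signs off on evidence files. The block below is an added example, not the skill's own `agent.py`: it parses constructed `wmic /format:csv` and `netstat -ano` samples (including a command line that contains a comma, which a naive CSV split would mis-handle), joins connections to processes on PID, flags established sessions owned by binaries in user-writable paths, and computes all three digests in a single streaming pass. `USER_WRITABLE_MARKERS` and the flagging heuristic are assumptions for illustration; `collect_live()` is the only part that needs a Windows host.

```python
import hashlib
import io
import subprocess

# Constructed sample of `wmic process get CommandLine,Name,ParentProcessId,ProcessId /format:csv`:
# a blank line, then a header with the columns in alphabetical order prefixed by Node. The
# third row carries a comma inside CommandLine on purpose.
WMIC_SAMPLE = """
Node,CommandLine,Name,ParentProcessId,ProcessId
HOST01,C:\\Windows\\System32\\svchost.exe -k netsvcs -p,svchost.exe,720,1180
HOST01,C:\\Windows\\explorer.exe,explorer.exe,4380,4412
HOST01,C:\\Users\\alice\\AppData\\Local\\Temp\\updater.exe --beacon 203.0.113.7,4444,updater.exe,4412,5120
"""

# Constructed sample of `netstat -ano`; UDP rows carry no State column.
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1180
  TCP    10.0.0.5:49712         203.0.113.7:4444       ESTABLISHED     5120
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    4412
"""

WMIC_TRAILING = ("Name", "ParentProcessId", "ProcessId")  # fixed columns; never contain commas
# Hypothetical triage heuristic (not from the skill): directories any user can write to.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def parse_wmic_csv(text):
    """Split Node off the left and the fixed columns off the right; whatever is left in
    the middle is the command line verbatim, commas included."""
    # strip() also discards the blank lines wmic produces with its \r\r\n line endings
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines:
        return []
    header = lines[0].split(",")
    if header[:2] != ["Node", "CommandLine"] or tuple(header[2:]) != WMIC_TRAILING:
        raise ValueError(f"unexpected wmic header: {header}")
    rows = []
    for ln in lines[1:]:
        node, rest = ln.split(",", 1)
        cmd, name, ppid, pid = rest.rsplit(",", len(WMIC_TRAILING))
        rows.append({"Node": node, "CommandLine": cmd, "Name": name,
                     "ParentProcessId": int(ppid), "ProcessId": int(pid)})
    return rows


def split_endpoint(ep):
    """'203.0.113.7:4444' -> ('203.0.113.7', 4444); '[::]:445' -> ('::', 445); '*:*' -> ('*', None)."""
    host, _, port = ep.rpartition(":")
    return host.strip("[]"), (int(port) if port.isdigit() else None)


def parse_netstat_ano(text):
    """Keep only TCP/UDP rows; TCP rows have a State field, UDP rows do not."""
    conns = []
    for ln in text.splitlines():
        parts = ln.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # banner, column header, blank lines
        raddr, rport = split_endpoint(parts[2])
        conns.append({"proto": parts[0], "local": parts[1], "remote_addr": raddr, "remote_port": rport,
                      "state": parts[3] if parts[0] == "TCP" else "", "pid": int(parts[-1])})
    return conns


def correlate(conns, procs):
    """Join each connection to its owning process by PID and flag the classic triage signal:
    an ESTABLISHED session owned by a binary running from a user-writable directory."""
    by_pid = {p["ProcessId"]: p for p in procs}
    joined = []
    for c in conns:
        p = by_pid.get(c["pid"], {})  # PID with no wmic row (e.g. System, PID 4 here) stays unknown
        cmd = p.get("CommandLine", "")
        flagged = c["state"] == "ESTABLISHED" and any(m in cmd.lower() for m in USER_WRITABLE_MARKERS)
        joined.append({**c, "name": p.get("Name", "<unknown>"), "cmdline": cmd, "flagged": flagged})
    return joined


def hash_stream(fh, chunk_size=1 << 20):
    """One pass feeds all three digests so a large evidence file is read once. Rely on SHA256;
    MD5/SHA1 are collision-broken and kept only to match legacy threat-intel feeds
    (usedforsecurity=False keeps them constructible on FIPS-mode Python builds)."""
    digests = {"md5": hashlib.md5(usedforsecurity=False),
               "sha1": hashlib.sha1(usedforsecurity=False), "sha256": hashlib.sha256()}
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        for d in digests.values():
            d.update(chunk)
    return {k: d.hexdigest() for k, d in digests.items()}


def hash_file(path):
    with open(path, "rb") as fh:
        return hash_stream(fh)


def hash_bytes(data):
    return hash_stream(io.BytesIO(data))


def collect_live():
    """Windows-only: run the real commands with a fixed argv list (no shell=True) and correlate."""
    run = lambda args: subprocess.run(args, capture_output=True, text=True, check=True).stdout
    procs = parse_wmic_csv(run(["wmic", "process", "get",
                                "CommandLine,Name,ParentProcessId,ProcessId", "/format:csv"]))
    return correlate(parse_netstat_ano(run(["netstat", "-ano"])), procs)
```

On the constructed samples `correlate()` flags exactly one row, PID 5120 (`updater.exe` under `AppData\Local\Temp`, established to 203.0.113.7:4444), and leaves the listener and UDP rows unflagged; `hash_bytes(b"abc")["sha256"]` returns the well-known `ba7816bf…f20015ad`. The PID join is only as good as the process snapshot: `netstat` and `wmic` run at different instants, so a short-lived process can appear in one and not the other, which is why unknown PIDs are kept rather than dropped.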
## Dependencies

No external packages: the agent uses Windows built-in commands and the Python standard library only, so it can be copied to a host and run without installing anything. It must run on Windows, and it should be run from an elevated prompt; otherwise the command lines of processes owned by other accounts and some scheduled tasks are not returned.