info@wazuh.com
https://wazuh.com

Inventory data report


ID: 001
Name: teqwsus
IP: 192.168.185.100
Version: Wazuh v3.13.2
Manager: Wazuh
OS: Microsoft Windows Server 2016 Standard 10.0.14393
Registration date: 2021-03-29 06:09:02
Last keep alive: 2021-06-09 20:25:48

Groups: default, tequendama

Applications, network configuration, open ports and processes running on your monitored
systems.

Hardware information
8 cores
Intel(R) Xeon(R) CPU E5-2609 v4 @ 1.70GHz
15.87GB RAM

OS information
6.2
x86_64
Microsoft Windows Server 2016 Standard 10.0.14393

Copyright © 2020 Wazuh, Inc. Page 1 of 10



Packages

Name Architecture Version Vendor


WinRAR 5.70 (64-bit) x86_64 5.70.0 win.rar GmbH
Attunity Oracle CDC Service x86_64 11.1.3000.0 Microsoft Corporation
Microsoft System CLR Types para SQL Server 2012 (x64) x86_64 11.1.3000.0 Microsoft Corporation
Attunity Oracle CDC Designer x86_64 11.1.3000.0 Microsoft Corporation
Microsoft ODBC Driver 11 for SQL Server x86_64 12.2.5543.11 Microsoft Corporation
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 x86_64 12.0.21005 Microsoft Corporation
Microsoft Visual C++ 2017 X64 Additional Runtime - 14.16.27024 x86_64 14.16.27024 Microsoft Corporation
Symantec Endpoint Protection x86_64 14.2.1031.0100 Symantec Corporation
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 x86_64 12.0.21005 Microsoft Corporation
Microsoft Visual C++ 2017 X64 Minimum Runtime - 14.16.27024 x86_64 14.16.27024 Microsoft Corporation
Google Chrome i686 91.0.4472.77 Google LLC
Npcap 0.995 i686 0.995 Nmap Project
Wazuh Agent i686 3.13.2 Wazuh, Inc.
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 i686 12.0.21005 Microsoft Corporation
Java 8 Update 211 i686 8.0.2110.12 Oracle Corporation
Java Auto Updater i686 2.8.211.12 Oracle Corporation
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27029 i686 14.16.27029.1 Microsoft Corporation
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 i686 12.0.21005.1 Microsoft Corporation
Security World Software for nShield i686 12.40.2 Thales
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 i686 12.0.21005.1 Microsoft Corporation
Microsoft Report Viewer 2012 Runtime i686 11.1.3452.0 Microsoft Corporation
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 i686 12.0.21005 Microsoft Corporation
cyberJack Base Components i686 7.2.5 REINER SCT


Processes

Name CMD Priority NLWP


System none 8 138
ccSvcHst.exe C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.1031.0100.105\Bin\ccSvcHst.exe 8 128
sqlservr.exe C:\Windows\WID\Binn\sqlservr.exe 8 74
w3wp.exe C:\Windows\System32\inetsrv\w3wp.exe 8 60
svchost.exe C:\Windows\System32\svchost.exe 8 50
svchost.exe C:\Windows\System32\svchost.exe 8 47
ShellExperienceHost.exe C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe 8 41
explorer.exe C:\Windows\explorer.exe 8 39
ShellExperienceHost.exe C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe 8 34
explorer.exe C:\Windows\explorer.exe 8 31
ShellExperienceHost.exe C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe 8 30
svchost.exe C:\Windows\System32\svchost.exe 8 29
explorer.exe C:\Windows\explorer.exe 8 29
svchost.exe C:\Windows\System32\svchost.exe 8 27
LogonUI.exe C:\Windows\System32\LogonUI.exe 13 23
svchost.exe C:\Windows\System32\svchost.exe 8 21
hardserver.exe C:\Program Files (x86)\nCipher\nfast\bin\hardserver.exe 8 21
svchost.exe C:\Windows\System32\svchost.exe 8 20
ccSvcHst.exe C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.1031.0100.105\Bin\ccSvcHst.exe 8 20
ccSvcHst.exe C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.1031.0100.105\Bin\ccSvcHst.exe 8 20
ccSvcHst.exe C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.1031.0100.105\Bin\ccSvcHst.exe 8 20
svchost.exe C:\Windows\System32\svchost.exe 8 19
mmc.exe C:\Windows\System32\mmc.exe 8 19
SearchUI.exe C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe 8 19
SearchUI.exe C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe 8 18
dwm.exe C:\Windows\System32\dwm.exe 13 17
mmc.exe C:\Windows\System32\mmc.exe 8 17
SearchUI.exe C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe 8 17
LogonUI.exe C:\Windows\System32\LogonUI.exe 13 15
LogonUI.exe C:\Windows\System32\LogonUI.exe 13 15
dwm.exe C:\Windows\System32\dwm.exe 13 15
csrss.exe - 13 14
svchost.exe C:\Windows\System32\svchost.exe 8 14
cjpcsc.exe C:\Windows\SysWOW64\cjpcsc.exe 8 14
taskhostw.exe C:\Windows\System32\taskhostw.exe 8 13
taskhostw.exe C:\Windows\System32\taskhostw.exe 8 13

taskhostw.exe C:\Windows\System32\taskhostw.exe 8 13
svchost.exe C:\Windows\System32\svchost.exe 8 12
svchost.exe C:\Windows\System32\svchost.exe 8 12
WsusService.exe C:\Program Files\Update Services\Services\WsusService.exe 8 12
csrss.exe - 13 10
lsass.exe C:\Windows\System32\lsass.exe 9 10
csrss.exe - 13 10
dwm.exe C:\Windows\System32\dwm.exe 13 10
csrss.exe - 13 10
dwm.exe C:\Windows\System32\dwm.exe 13 10
csrss.exe - 13 10
spoolsv.exe C:\Windows\System32\spoolsv.exe 8 9
svchost.exe C:\Windows\System32\svchost.exe 8 9
msdtc.exe C:\Windows\System32\msdtc.exe 8 9
System Idle Process none - 8
svchost.exe C:\Windows\System32\svchost.exe 8 8
svchost.exe C:\Windows\System32\svchost.exe 8 8
svchost.exe C:\Windows\System32\svchost.exe 8 8
WmiPrvSE.exe C:\Windows\System32\wbem\WmiPrvSE.exe 8 8
svchost.exe C:\Windows\System32\svchost.exe 8 8
ServerManager.exe C:\Windows\System32\ServerManager.exe 8 8
svchost.exe C:\Windows\System32\svchost.exe 8 8
rdpclip.exe C:\Windows\System32\rdpclip.exe 8 8
svchost.exe C:\Windows\System32\svchost.exe 8 8
svchost.exe C:\Windows\System32\svchost.exe 8 7
sihost.exe C:\Windows\System32\sihost.exe 8 7
sihost.exe C:\Windows\System32\sihost.exe 8 7
sihost.exe C:\Windows\System32\sihost.exe 8 7
inetinfo.exe C:\Windows\System32\inetsrv\inetinfo.exe 8 5
rdpclip.exe C:\Windows\System32\rdpclip.exe 8 5
rdpclip.exe C:\Windows\System32\rdpclip.exe 8 5
RuntimeBroker.exe C:\Windows\System32\RuntimeBroker.exe 8 5
svchost.exe C:\Windows\System32\svchost.exe 8 4
svchost.exe C:\Windows\System32\svchost.exe 8 4
RuntimeBroker.exe C:\Windows\System32\RuntimeBroker.exe 8 4
RuntimeBroker.exe C:\Windows\System32\RuntimeBroker.exe 8 4
services.exe - 9 3
conhost.exe C:\Windows\System32\conhost.exe 8 3
unsecapp.exe C:\Windows\System32\wbem\unsecapp.exe 8 3
GoogleCrashHandler.exe C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe 4 3
GoogleCrashHandler64.exe C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe 4 3


WmiPrvSE.exe C:\Windows\SysWOW64\wbem\WmiPrvSE.exe 8 3
jucheck.exe C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe 8 3
jucheck.exe C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe 8 3
smss.exe - 11 2
winlogon.exe C:\Windows\System32\winlogon.exe 13 2
sqlwriter.exe C:\Windows\WID\Binn\sqlwriter.exe 8 2
edge_serv.exe C:\Program Files (x86)\nCipher\nfast\bin\edge_serv.exe 8 2
raserv.exe C:\Program Files (x86)\nCipher\nfast\bin\raserv.exe 8 2
winlogon.exe C:\Windows\System32\winlogon.exe 13 2
jusched.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 8 2
dllhost.exe C:\Windows\System32\dllhost.exe 8 2
winlogon.exe C:\Windows\System32\winlogon.exe 13 2
jusched.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 8 2
dllhost.exe C:\Windows\System32\dllhost.exe 8 2
winlogon.exe C:\Windows\System32\winlogon.exe 13 2
jusched.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 8 2
dllhost.exe C:\Windows\System32\dllhost.exe 8 2
wininit.exe - 13 1
cmd.exe C:\Windows\SysWOW64\cmd.exe 8 1
hardserver.exe C:\Program Files (x86)\nCipher\nfast\bin\hardserver.exe 8 1
iashost.exe C:\Windows\System32\iashost.exe 8 1
win32ui.exe C:\Program Files (x86)\ossec-agent\win32ui.exe 8 1


Network ports

Local IP Local port Process State Protocol


0.0.0.0 80 System listening tcp
0.0.0.0 135 svchost.exe listening tcp
0.0.0.0 445 System listening tcp
0.0.0.0 3389 svchost.exe listening tcp
0.0.0.0 5985 System listening tcp
0.0.0.0 8530 System listening tcp
0.0.0.0 8531 System listening tcp
0.0.0.0 9004 hardserver.exe listening tcp
0.0.0.0 9005 raserv.exe listening tcp
0.0.0.0 47001 System listening tcp
0.0.0.0 49664 wininit.exe listening tcp
0.0.0.0 49665 svchost.exe listening tcp
0.0.0.0 49668 lsass.exe listening tcp
0.0.0.0 49669 svchost.exe listening tcp
0.0.0.0 49672 lsass.exe listening tcp
0.0.0.0 49681 spoolsv.exe listening tcp
0.0.0.0 49689 svchost.exe listening tcp
0.0.0.0 49712 services.exe listening tcp
127.0.0.1 9000 hardserver.exe listening tcp
127.0.0.1 9001 hardserver.exe listening tcp
169.254.56.154 139 System listening tcp
169.254.122.117 139 System listening tcp
192.168.185.100 139 System listening tcp
:: 80 System listening tcp6
:: 135 svchost.exe listening tcp6
:: 445 System listening tcp6
:: 3389 svchost.exe listening tcp6
:: 5985 System listening tcp6
:: 8530 System listening tcp6
:: 8531 System listening tcp6
:: 47001 System listening tcp6
:: 49664 wininit.exe listening tcp6
:: 49665 svchost.exe listening tcp6
:: 49668 lsass.exe listening tcp6
:: 49669 svchost.exe listening tcp6
:: 49672 lsass.exe listening tcp6
:: 49681 spoolsv.exe listening tcp6
:: 49689 svchost.exe listening tcp6
:: 49712 services.exe listening tcp6


Network interfaces

Name Mac State MTU Type


Embedded LOM 1 Port 2 70:10:6F:B6:BD:89 down 1500 ethernet
Embedded LOM 1 Port 1 70:10:6F:B6:BD:88 up 1500 ethernet
Npcap Loopback Adapter 02:00:4C:4F:4F:50 up 1500 ethernet
Ethernet 02:00:4C:4F:4F:50 up 65536 ethernet
isatap.{5FFFBE30-2535-4FA0-B472-5C5C34D5BB70} 00:00:00:00:00:00:00:E0 down 1280 tunnel
isatap.{E7375660-5034-409C-8521-43493973DA56} 00:00:00:00:00:00:00:E0 down 1280 tunnel
isatap.{021AE238-AC31-45F6-9064-8107A28C49F0} 00:00:00:00:00:00:00:E0 down 1280 tunnel


Network settings

Interface Address Netmask Protocol Broadcast


Embedded LOM 1 Port 2 169.254.251.85 255.255.0.0 ipv4 169.254.255.255
Embedded LOM 1 Port 2 fe80::11e1:126b:cded:fb55 ffff:ffff:ffff:ffff:: ipv6 -
Embedded LOM 1 Port 1 192.168.185.100 255.255.255.0 ipv4 192.168.185.255
Npcap Loopback Adapter 169.254.122.117 255.255.0.0 ipv4 169.254.255.255
Npcap Loopback Adapter fe80::84c6:77cd:1867:7a75 ffff:ffff:ffff:ffff:: ipv6 -
Ethernet 169.254.56.154 255.255.0.0 ipv4 169.254.255.255
Ethernet fe80::5479:9d70:e9e9:389a ffff:ffff:ffff:ffff:: ipv6 -
isatap.{5FFFBE30-2535-4FA0-B472-5C5C34D5BB70} fe80::5efe:169.254.56.154 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff ipv6 -
isatap.{E7375660-5034-409C-8521-43493973DA56} fe80::5efe:169.254.122.117 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff ipv6 -
isatap.{021AE238-AC31-45F6-9064-8107A28C49F0} fe80::5efe:192.168.185.100 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff ipv6 -


Windows updates

Update code
KB3192137
KB3211320
KB3213986
