Checks the configured domain name on each endpoint
name: Windows.Registry.Domain
description: Checks the configured domain name on each endpoint
author: Angry-bender
precondition: SELECT OS From info() where OS = 'windows'
parameters:
- name: DomainHive
default: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Domain
sources:
- queries:
- |
SELECT
ModTime,
OSPath.Dirname as registry_key,
OSPath.Basename as registry_name,
Data.value as registry_value
FROM glob(globs=DomainHive, accessor="registry")