Skip to content

Commit

Permalink
Updated documentation
Browse files Browse the repository at this point in the history
  • Loading branch information
@ishans-crest
ishans-crest committed Dec 18, 2024
1 parent 2507f21 commit 10613e4
Show file tree
Hide file tree
Showing 2 changed files with 40 additions and 22 deletions.
33 changes: 21 additions & 12 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -134,23 +134,32 @@ which you can optionally use to retrieve the output of that command at a later t
To authenticate using SSL certificates, select `certificate` as the authentication method in the asset configuration and provide the following configuration parameters:
- **Path to SSL certificate PEM file** - A path to signed certificate file that is trusted by the Windows instance, in PEM format
- **Path to SSL certificate PEM file** - The path to the signed certificate file that is trusted by the Windows instance, in PEM format.
- **Path to SSL key file** - A filepath to key used to generate cert_pem file
- **Path to SSL key file** - The path to the key file used to generate the `cert_pem` file.
- **Path to trusted CRT file** - The certificate of the certificate authority that signed cert_file. It's needed only when you set up your own certificate authority.
- **Path to trusted CRT file** - The certificate of the certificate authority that signed the certificate file. This is needed only if you are using your own certificate authority.
It is recommended to place these files under the <PHANTOM_HOME>/etc/ssl/ directory. Ensure that these files are readable by the phantom-worker user.
It is recommended to place these files under the `<PHANTOM_HOME>/etc/ssl/` directory. Ensure that these files are readable by the `phantom-worker` user.
Steps to Enable [Certificate Authentication](https://learn.microsoft.com/en-us/troubleshoot/windows-client/system-management-components/configure-winrm-for-https) in WinRM:
#### Steps to Enable [Certificate Authentication](https://learn.microsoft.com/en-us/troubleshoot/windows-client/system-management-components/configure-winrm-for-https) in WinRM:
- Check if Certificate Authentication is enabled: `winrm get winrm/config/service/auth`
- Enable Certificate Authentication if not already enabled: `winrm set winrm/config/service/auth '@{Certificate="true"}'`
- Check if Certificate Authentication is enabled:
```
winrm get winrm/config/service/auth
```
[Import the Certificate](https://learn.microsoft.com/en-us/powershell/module/pki/import-certificate?view=windowsserver2025-ps) to Trusted [Certificate Stores](https://learn.microsoft.com/en-us/windows-hardware/drivers/install/certificate-stores).
- Enable Certificate Authentication if it is not already enabled:
```
winrm set winrm/config/service/auth '@{Certificate="true"}'
```
Link certificate to user account, enabling secure authentication using the certificate :
`New-Item -Path WSMan:\localhost\ClientCertificate -Subject '<subject>' -URI * -Issuer <Thumbprint> -Credential (Get-Credential) -Force`
- [Import the Certificate](https://learn.microsoft.com/en-us/powershell/module/pki/import-certificate?view=windowsserver2025-ps) into Trusted [Certificate Stores](https://learn.microsoft.com/en-us/windows-hardware/drivers/install/certificate-stores).
- Link the [client certificate](https://learn.microsoft.com/en-us/powershell/module/microsoft.wsman.management/about/about_wsman_provider?view=powershell-7.4#creating-a-new-client-certificate) to the user account for enabling secure authentication using the certificate by running this command:
```
New-Item -Path WSMan:\localhost\ClientCertificate -URI * -Issuer <Thumbprint> -Credential (Get-Credential) -Force
```
### Kerberos Authentication
Expand All @@ -168,8 +177,8 @@ You'll also need to setup your instance to support Kerberos:
run `kinit` periodically to refresh the ticket for the user, alternatively `keytab` file can be created on server and used on client for connectivity.
### Configuration variables
This table lists the configuration variables required to operate Windows Remote Management. These variables are specified when configuring a Windows Remote Management asset in Splunk SOAR.
### Configuration Variables
The below configuration variables are required for this Connector to operate. These variables are specified when configuring a Windows Remote Management asset in SOAR.
VARIABLE | REQUIRED | TYPE | DESCRIPTION
-------- | -------- | ---- | -----------
Expand Down
29 changes: 19 additions & 10 deletions manual_readme_content.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -122,23 +122,32 @@ which you can optionally use to retrieve the output of that command at a later t
To authenticate using SSL certificates, select `certificate` as the authentication method in the asset configuration and provide the following configuration parameters:
- **Path to SSL certificate PEM file** - A path to signed certificate file that is trusted by the Windows instance, in PEM format
- **Path to SSL certificate PEM file** - The path to the signed certificate file that is trusted by the Windows instance, in PEM format.
- **Path to SSL key file** - A filepath to key used to generate cert_pem file
- **Path to SSL key file** - The path to the key file used to generate the `cert_pem` file.
- **Path to trusted CRT file** - The certificate of the certificate authority that signed cert_file. It's needed only when you set up your own certificate authority.
- **Path to trusted CRT file** - The certificate of the certificate authority that signed the certificate file. This is needed only if you are using your own certificate authority.
It is recommended to place these files under the <PHANTOM_HOME>/etc/ssl/ directory. Ensure that these files are readable by the phantom-worker user.
It is recommended to place these files under the `<PHANTOM_HOME>/etc/ssl/` directory. Ensure that these files are readable by the `phantom-worker` user.
Steps to Enable [Certificate Authentication](https://learn.microsoft.com/en-us/troubleshoot/windows-client/system-management-components/configure-winrm-for-https) in WinRM:
#### Steps to Enable [Certificate Authentication](https://learn.microsoft.com/en-us/troubleshoot/windows-client/system-management-components/configure-winrm-for-https) in WinRM:
- Check if Certificate Authentication is enabled: `winrm get winrm/config/service/auth`
- Enable Certificate Authentication if not already enabled: `winrm set winrm/config/service/auth '@{Certificate="true"}'`
- Check if Certificate Authentication is enabled:
```
winrm get winrm/config/service/auth
```
[Import the Certificate](https://learn.microsoft.com/en-us/powershell/module/pki/import-certificate?view=windowsserver2025-ps) to Trusted [Certificate Stores](https://learn.microsoft.com/en-us/windows-hardware/drivers/install/certificate-stores).
- Enable Certificate Authentication if it is not already enabled:
```
winrm set winrm/config/service/auth '@{Certificate="true"}'
```
Link certificate to user account, enabling secure authentication using the certificate :
`New-Item -Path WSMan:\localhost\ClientCertificate -Subject '<subject>' -URI * -Issuer <Thumbprint> -Credential (Get-Credential) -Force`
- [Import the Certificate](https://learn.microsoft.com/en-us/powershell/module/pki/import-certificate?view=windowsserver2025-ps) into Trusted [Certificate Stores](https://learn.microsoft.com/en-us/windows-hardware/drivers/install/certificate-stores).
- Link the [client certificate](https://learn.microsoft.com/en-us/powershell/module/microsoft.wsman.management/about/about_wsman_provider?view=powershell-7.4#creating-a-new-client-certificate) to the user account for enabling secure authentication using the certificate by running this command:
```
New-Item -Path WSMan:\localhost\ClientCertificate -URI * -Issuer <Thumbprint> -Credential (Get-Credential) -Force
```
### Kerberos Authentication
Expand Down

0 comments on commit 10613e4

Please sign in to comment.