Using the Responder Sweep Tool


The responder, or sweep sensor, functionality is designed for incident responders or anyone else trying to get the ground truth on a box.

With one click of a button you can get a list of processes and modules, a list of any unsigned binary code, autoruns, services, drivers, network connections, which sockets are listening on which ports, and what is active on the network. It will also look for hidden modules or any indicators that are new to your organization.

It is an easy and effective way to start an investigation.
