HR - Post Termination Computer Inventory
Company Profile
Fortune 500 Software Company with 10,000+ employees
Problem
Upon termination, it is difficult and time-consuming to obtain a complete software inventory of an employee's computer (laptop or desktop). The problem is compounded when multiple employees are terminated in the same day or week, and/or when multiple departments (HR/IT) must be involved in order to create a retained report.
Solution
A full endpoint inventory can be completed for any computer running the Heureka endpoint service. The easy-to-use interface allows HR personnel to run a search and create a report that can be retained for each terminated employee and automatically includes all file owners (logins) that may have been used on the endpoint computer.
Interrogate Workflow - Computer Inventory Report (User Defined)
You can easily create an endpoint inventory report by searching for everything (no filters). Follow the steps below to create your search and export the report.
Search
Begin by verifying the endpoint on which to run a complete inventory. A full list of available endpoints can be found on the Interrogate endpoint configuration page. Once identified, follow the steps below.
- Create a Job and Search in Interrogate.
- Select the desired endpoints you would like to search.
- For this use case, we are looking for all hash groups currently in the system. Click "Select All" on the File > Hash area.
- Select "Search" and enter a name.
Analyze
If the endpoint(s) begin to stream results back to your search result page, you will see file-level information such as File Name, Risk Score, Tags, File Path, etc., in the Grid Results area. When scanning for IOCs, a returned file may indicate an infected endpoint. Action should be taken on the endpoint.
Take Action
A returned file from the IOC hash groups may indicate that you have one or more potentially infected computers. Looking at the computer name, file owner, local file path and extension will help you or your IT department track down the exact location of the potentially infected file.