Stafford
Pre-release
Full changelog since previous release:
Quick hits:
Kansa.ps1 has several new command line parameters, including:
- -OutputFormat, an optional parameter that takes an argument that specifies the format of collected output. Valid values are CSV, JSON, TSV and XML (yuck).
- -UseSSL, if present, this will be passed to the New-PSSession call and remote sessions will use Secure Sockets Layer. Note this does require that you've installed appropriate certificates.
- -Port, an optional parameter that takes a port number. Use this when WinRM is configured to listen on a non-standard port.
- -Authentication, an optional parameter that takes an argument that specifies what authentication mechanism should be used. Kerberos is still the default, but all WinRM authentication mechanisms are now supported. You can even do risky things like Basic or CredSSP, but I wouldn't recommend it.
- -JSONDepth, an optional parameter that takes an integer argument specifying the level of depth for object serialization to JSON.
A note on OutputFormat:
The -OutpufFormat parameter above is a big change. Previously Kansa.ps1 would parse the SYNOPSIS section looking for an "OUTPUT" directive and save the data for that collector accordingly. This is no longer the case. Now when you run Kansa.ps1 all collected data will be returned in the same format with CSV as the default. You might be wondering how things like binary files are returned as CSV. In this version of Kansa, those binary files are serialized and saved as an object property. You will have to deserialize them using Analysis\Deserialize-KansaField.ps1 in order to analyze those binary files. This is a major change.
I'll have a blog post coming with more details on these changes and why they were made over at http://trustedsignal.blogspot.com, hint: you can now run Kansa against non-domain joined assets, including VMs in Azure. I'll update the release notes with the full URL once the post is published.