Merge pull request #347 from tclahr/new_artifacts

new nmcli.yaml artifact

Author: tclahr

CHANGELOG.md

@@ -31,6 +31,7 @@ All notable changes to this project will be documented in this file.
 - `files/system/kactivitymanagerd.yaml`: Added collection of activity tracking data from KActivityManager [freebsd, linux, netbsd, openbsd].
 - `files/system/upstart.yaml`: Added collection of system-wide and user-session Upstart configuration files [linux].
 - `files/system/xdg_autostart.yaml`: Added collection of system-wide and user-specific XDG autostart files [linux].
+- `live_response/network/nmcli.yaml`: Added displaying information from network connections managed by NetworkManager [linux].
 - `live_response/packages/0install.yaml`: Added collection of installed packages managed by Zero Install [linux]. (by [Pierre-Gronau-ndaal](https://github.com/Pierre-Gronau-ndaal))
 - `live_response/packages/apk.yaml`: Added collection of installed packages managed by apk package manager [linux]. (by [Pierre-Gronau-ndaal](https://github.com/Pierre-Gronau-ndaal))
 - `live_response/packages/cargo.yaml`: Added collection of installed packages managed by cargo [all]. (by [Pierre-Gronau-ndaal](https://github.com/Pierre-Gronau-ndaal))
@@ -66,6 +67,7 @@ All notable changes to this project will be documented in this file.
 - `live_response/packages/swupd.yaml`: Updated to list all available bundles for the current version of Clear Linux [linux]. (by [Pierre-Gronau-ndaal](https://github.com/Pierre-Gronau-ndaal))
 - `live_response/process/ps.yaml`: Updated to collect the system date before reporting a snapshot of the current processes including elapsed time since the process was started [all].
 - `live_response/system/falconctl.yaml`: Updated as `falconctl -g` is no longer a valid option [linux, macos].
+- `memory_dump/avml.yaml`: Updated output file name from avml.raw to avml.lime [linux].
 
 ### Fixed
 

README.md

@@ -53,7 +53,7 @@ Whether you're handling an intrusion, conducting forensic investigations, or per
 - 🔒 Adheres to the order of volatility to ensure reliable data acquisition.
 - 🛠 Designed for diverse environments, including IoT devices and NAS systems.
 
-![UAC in Action](https://tclahr.github.io/uac-docs/img/uac_3_collection.gif)
+![UAC in Action](https://tclahr.github.io/uac-docs/img/uac_collection.gif)
 
 ## 📘 Documentation
 
@@ -69,6 +69,7 @@ Full documentation is available at the [project documentation page](https://tcla
 - Extract files and directories status to create a bodyfile.
 - Collect system and user-specific data, configuration files, and logs.
 - Acquire volatile memory from Linux systems using different methods and tools.
+- Support to write output to various cloud platforms.
 
 ## 💾 Supported Operating Systems
 

artifacts/live_response/network/nmcli.yaml

@@ -0,0 +1,41 @@
+version: 1.0
+condition: command_exists "nmcli"
+output_directory: /live_response/network
+artifacts:
+  -
+    description: Display network connections managed by NetworkManager.
+    supported_os: [linux]
+    collector: command
+    command: nmcli
+    output_file: nmcli.txt
+  -
+    description: List in-memory and on-disk connection profiles, some of which may also be active if a device is using that connection profile.
+    supported_os: [linux]
+    collector: command
+    command: nmcli connection show
+    output_file: nmcli_connection_show.txt
+  -
+    description: Show detailed information about all devices.
+    supported_os: [linux]
+    collector: command
+    command: nmcli device show
+    output_file: nmcli_device_show.txt
+  -
+    description: Print status of all devices.
+    supported_os: [linux]
+    collector: command
+    command: nmcli device status
+    output_file: nmcli_device_status.txt
+  -
+    description: Show overall status of NetworkManager.
+    supported_os: [linux]
+    collector: command
+    command: nmcli general status
+    output_file: nmcli_general_status.txt
+  -
+    description: Show radio switches status.
+    supported_os: [linux]
+    collector: command
+    command: nmcli radio all
+    output_file: nmcli_radio_all.txt
+  

artifacts/memory_dump/avml.yaml

@@ -1,8 +1,8 @@
-version: 2.0
+version: 2.1
 output_directory: /memory_dump
 artifacts:
   -
     description: Capture a memory image.
     supported_os: [linux]
     collector: command
-    command: avml avml.raw
+    command: avml avml.lime