Using Powershell To Enumerate Information on Windows Defender and Firewalls

Hi everyone! Here are a few commands used in enumeration of firewalls and Windows Defender. 

The Get-NetFirewallProfile is useful in determing what type of firewalls are configured in the network. It also shows other important configurations listed in the screenshot. 

If you are looking for threats detected by Windows Defender, Powershell offers a cmdlet to find that information. It gives important information such as filename, if the file executed, the category ID, name of the threat, and severity. All of this information is useful for when you need to understand more about a threat. 

The Get-NetFirewallRule | findstr "<firewall rule>" (I got this from TryHackMe which explains the naming of the rule) outputs the rule specified. Shown here is the inbound port of 17337.