Windows Endpoint Intelligence Gathering

Problem Overview

IT professionals and MSPs often need to quickly gather key system information for troubleshooting, security audits, or tracking lost/stolen devices. Manually retrieving this data can be time-consuming, especially in incident response situations. This script automates the process, providing essential system intelligence in seconds.

Description

This script gathers crucial details about a Windows endpoint, including:

• System Information – Runs systeminfo to collect OS details, hardware specs, and uptime.
• Local Network Data – Uses ipconfig /all to list network adapters, IP addresses, and DNS details.
• Public IP Address – Fetches the external IP with geo based DNS lookup.
• Wi-Fi Networks – Lists all visible wireless networks using netsh wlan show networks mode=bssid.
• ARP Table – Displays active ARP cache entries to help identify devices on the local network.

With just one execution, this script provides a comprehensive snapshot of an endpoint’s network and system state, making it invaluable for asset tracking, security investigations, and network troubleshooting.

Script

<#
This resource is provided as a convenience for Level users. We cannot 
guarantee it will work in all environments. Please test before deploying 
to your production environment. We welcome contributions to our community 
library

Level Library
https://level.io/library/script-windows-endpoint-intelligence-gathering
#>

# Get System Details
systeminfo

# Get Local IP
ipconfig /all

# Get Remote IP
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
(iwr https://ip.level.io/json -UseBasicParsing).Content.Trim()

#Get list of all visible wireless networks
netsh wlan show networks mode=bssid

#Get ARP table
arp -a

Use Cases

• Lost or Stolen Endpoint Recovery – Pair with automation workflows to retrieve device location details.
• Security & Compliance Audits – Collect network and system data for security assessments.
• Troubleshooting Network Issues – Identify misconfigured or conflicting network settings.
• Asset Management & Inventory – Gather system information for IT documentation.
• Incident Response – Quickly obtain device intel during a security event.

Recommendations

• Pair with Lost/Stolen Endpoint Automation – Automate script execution when an endpoint is marked as missing.
• Test in a Lab Environment – Before deploying, verify expected results in a controlled environment.
• Schedule for Routine Audits – Automate periodic execution to monitor system and network changes.

FAQ

• How do I run this script?
  ‍Simply execute it in from within Level.

• Can this script locate a stolen device?
  ‍While it gathers key network details, tracking requires additional geolocation tools. Pairing with Level’s lost/stolen endpoint automation is recommended.

• Will this work on all Windows versions?
  ‍Yes, it is compatible with all modern Windows versions (Windows 10/11, Windows Server 2016+).

• Do I need to install any dependencies?
  ‍No, all commands utilize built-in Windows utilities.

• Can I modify this script to collect additional data?
  ‍Absolutely! You can extend the script by adding more PowerShell commands to suit your needs.