Adalanche merges multiple data sources during analysis. Local machine data adds deep context (users, groups, rights, services, executables, registry keys, shares, software, sessions, and more).
Collector runs are lightweight and typically quick. Elevated rights provide better coverage.
The dedicated collector binary is intended for broad Windows compatibility.
Usage example:
```
adalanche-collector --datapath \\some\unc\path collect localmachine
```

You can also collect local machine data with the main binary where supported:

```
adalanche collect localmachine
```

Note: command availability can depend on build target/platform. Confirm on your build with:

```
adalanche collect --help
```

A common approach is deploying through GPO scheduled tasks, but any orchestration works (for example Intune, PsExec, NetExec).
Suggested approach:
- Create a share for the binary
- Create a share for output data files
- Orchestrate with a scheduled task
Recommended task settings:
- Run as `SYSTEM` with elevated rights
- Trigger at startup, logon, or interval
- Enable cleanup when policy no longer applies
After collection, copy result files from the share into your analysis datapath (for example with robocopy or rsync).
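
The task settings above, registered on a single machine with PowerShell's ScheduledTasks cmdlets, for testing before the task is rolled out by GPO. This is an added example, not part of the Adalanche project; the server and share names, the task name, the `.exe` file name and the 03:00 interval are placeholders. Because the task runs as SYSTEM, it reaches the shares as the computer account, and the share permissions in the comments are assumptions about how you would lock that down.

```powershell
#Requires -RunAsAdministrator
# Added example. Every name below is a placeholder, not a value from the project.
$BinaryShare = '\\fileserver.example\adalanche-bin'    # assumed: read-only for computer accounts
$OutputShare = '\\fileserver.example\adalanche-data'   # assumed: create/write only for computer accounts
$Collector   = Join-Path $BinaryShare 'adalanche-collector.exe'   # placeholder file name
$TaskName    = 'Adalanche local machine collection'

# Whatever sits at $Collector will run as SYSTEM on every machine that gets this
# task, so the binary share must not be writable by anyone but its administrators.
if (-not (Test-Path -LiteralPath $Collector -PathType Leaf)) {
    throw "Collector binary not found at $Collector"
}

# Same command line as the usage example on this page.
$action = New-ScheduledTaskAction -Execute $Collector `
    -Argument "--datapath `"$OutputShare`" collect localmachine"

# "Trigger at startup, logon, or interval": startup plus a daily run.
$triggers = @(
    (New-ScheduledTaskTrigger -AtStartup),
    (New-ScheduledTaskTrigger -Daily -At '03:00')
)

# "Run as SYSTEM with elevated rights".
$principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' `
    -LogonType ServiceAccount -RunLevel Highest

# Bound the run time and avoid overlapping runs if a collection hangs.
$settings = New-ScheduledTaskSettingsSet -StartWhenAvailable `
    -MultipleInstances IgnoreNew `
    -ExecutionTimeLimit (New-TimeSpan -Minutes 30)

Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $triggers `
    -Principal $principal -Settings $settings -Force | Out-Null

# Confirm what was registered: the principal and the exact command line.
$task = Get-ScheduledTask -TaskName $TaskName
[pscustomobject]@{
    Task      = $task.TaskName
    RunAs     = $task.Principal.UserId
    RunLevel  = $task.Principal.RunLevel
    Execute   = $task.Actions[0].Execute
    Arguments = $task.Actions[0].Arguments
}
```

A locally registered task has no equivalent of the GPO "cleanup when policy no longer applies" setting; remove it with `Unregister-ScheduledTask -TaskName $TaskName` when testing is done.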