I saw one of the speakers of Kansa recently, speaking about their project. Bryan tweeted about that talk:
[…] Kansa is a modular incident response framework in Powershell. It uses Powershell Remoting to run user contributed, ahem, user contributed modules across hosts in an enterprise to collect data for use during incident response, breach hunts, or for building an environmental baseline. […]
Kansa kind of reminds me of a Windows-centric, PowerShell-centric version of osquery. 🙂 It runs remote PowerShell with various scripts on all the remote systems and gathers the data into CSVs for analysis. It has multiple plugins. IMO, it needs many new firmware-related plugins (e.g., one for the x-UEFI Configuration Database, etc.).
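A sketch of the kind of firmware-related collector suggested above, as an added example that is not part of Kansa or of the original post. It assumes the script runs elevated on each Windows host and that the collecting framework serializes the returned object to CSV; the output field names are hypothetical.

```powershell
# Added example: per-host firmware facts for baselining across a fleet.
# Emits one object; hashes of the Secure Boot variables let an analyst
# spot hosts whose key databases (for example dbx) differ from the rest.

function Get-Sha256Hex {
    param([byte[]]$Bytes)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try { ($sha.ComputeHash($Bytes) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $sha.Dispose() }
}

$bios = Get-CimInstance -ClassName Win32_BIOS

# Confirm-SecureBootUEFI throws on legacy-BIOS hosts and when not elevated,
# so record the reason instead of failing the whole collection.
$secureBoot = try { [string](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch [System.PlatformNotSupportedException] { 'NotUEFI' }
    catch [System.UnauthorizedAccessException]   { 'AccessDenied' }
    catch { 'Unknown' }

# Hash each Secure Boot variable; an empty string means it could not be read.
$varHash = @{}
foreach ($name in 'PK', 'KEK', 'db', 'dbx') {
    try {
        $v = Get-SecureBootUEFI -Name $name -ErrorAction Stop
        $varHash[$name] = Get-Sha256Hex -Bytes $v.Bytes
    } catch {
        $varHash[$name] = ''
    }
}

$releaseDate = if ($bios.ReleaseDate) { $bios.ReleaseDate.ToString('yyyy-MM-dd') } else { '' }

[pscustomobject]@{
    ComputerName    = $env:COMPUTERNAME
    BiosVendor      = $bios.Manufacturer
    BiosVersion     = $bios.SMBIOSBIOSVersion
    BiosReleaseDate = $releaseDate
    SecureBoot      = $secureBoot
    PK_SHA256       = $varHash['PK']
    KEK_SHA256      = $varHash['KEK']
    db_SHA256       = $varHash['db']
    dbx_SHA256      = $varHash['dbx']
}
```

Grouping the resulting rows by `dbx_SHA256` or `BiosVersion` shows the outliers: hosts with stale revocation lists or firmware versions that differ from the fleet baseline.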