https://github.com/jsecurity101/ETWInspector
An Event Tracing for Windows (ETW) tool that allows you to enumerate Manifest & MOF providers, as well as collect events from desired providers.
No Agent, No Problem: Discovering Remote EDR
While ETW has been thoroughly explored in the security community, the ability to remotely enumerate, create, and manipulate data collector sets via DCOM interfaces introduces a world of novel possibilities: collecting rich data remotely without dropping an agent to disk, capturing system configurations without dropping an agent to disk, and modifying running sessions/data collectors remotely.