Create Windows.Sys.BitLocker.yaml (#729)

Get BitLocker volumes, including keys, using PowerShell.

content/exchange/artifacts/Windows.Sys.BitLocker.yaml

@@ -0,0 +1,32 @@
+name: Windows.Sys.BitLocker
+author: Zane Gittins
+description: |
+   This artifact gets all Bitlocker volumes using PowerShell, including the recovery password.
+
+# Can be CLIENT, CLIENT_EVENT, SERVER, SERVER_EVENT
+type: CLIENT
+
+sources:
+  - precondition:
+      SELECT OS From info() where OS = 'windows'
+
+    query: |
+        LET PowershellScript = '''$Results = @()
+        $BitlockerVolumes = Get-BitLockerVolume
+        $BitlockerVolumes |
+        ForEach-Object {
+            $RecoveryKey = [string]($_.KeyProtector).RecoveryPassword
+            # Only add results with valid recovery keys.
+            if ($RecoveryKey.Length -gt 5) {
+                $_ | Add-Member -MemberType NoteProperty -Name "RecoveryPassword" -Value $RecoveryKey
+                $Results += $_
+            }
+        }
+        return ($Results | ConvertTo-Json)'''
+        SELECT * FROM foreach(
+          row={
+            SELECT Stdout FROM execve(argv=["Powershell", "-ExecutionPolicy",
+                "unrestricted", "-c", PowershellScript], length=1000000)
+          }, query={
+            SELECT * FROM parse_json_array(data=Stdout)
+        })