Defender Status Reporting

In this post I am going to explain what I’ve done to report on the status of Microsoft Defender on cluster nodes.

Why?

The reason I spent time on this is that I couldn’t find an easy way to see if (and check that) Defender was running and being updated regularly. I don’t use SCCM or Intune, and Azure Security Center doesn’t appear to have these details (and can be expensive), so PowerShell was the best option for me.

Approach

  1. Create PowerShell script to get details from servers
  2. Find visualisation tool to view status details
  3. Automate running of script and getting details to visualisation tool

PowerShell Script

For the script, I needed it to be able to run remotely as eventually it would be running from a central location and connect remotely to multiple clusters and nodes.

The script uses the ‘Get-MpComputerStatus’ cmdlet, which provides the details for Defender, and employs the -CimSession method of connecting to servers. An ordered hash table is created containing all the details needed, and the output can then be controlled as required, e.g. shown as a table in the PowerShell console or written to CSV and HTML files (my plan is to output to a CSV and ingest that file into a database).

Script can be found here: https://github.com/hciharrison/scripts/blob/master/powershell/Get-DefenderDetails.ps1

To have the script output the details to a CSV or HTML file, you can use the syntax below at the end of the script:

$datetime = (get-date -f yyyy-MM-dd-HHmm)

$Header = @"
<style>
TABLE {border-width: 1px; border-style: solid; border-color: black; border-collapse: collapse;}
TH {border-width: 1px; padding: 3px; border-style: solid; border-color: black; background-color: #6495ED;}
TD {border-width: 1px; padding: 3px; border-style: solid; border-color: black;}
</style>
"@

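# HTML report; -NoClobber refuses to overwrite an existing report file
Get-DefenderDetails | ConvertTo-Html -Head $Header | Out-File -FilePath "defender_details_report_$datetime.html" -NoClobber
# CSV report with the same details
Get-DefenderDetails | Export-Csv -NoTypeInformation -Path "defender_details_report_$datetime.csv"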
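
The approach described above (a CIM session per node, Get-MpComputerStatus, an ordered hash table per server) can be sketched as follows. This is an added example, not the linked Get-DefenderDetails.ps1: the function name Get-DefenderStatusSample, its parameters, the 3-day staleness threshold and the node names in the usage comment are assumptions. It also keeps unreachable nodes in the output, so a server that stops reporting shows up as a row rather than disappearing from the report.

```powershell
# Added example: hypothetical function, not the script linked in the post.
function Get-DefenderStatusSample {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [int]$MaxSignatureAgeDays = 3    # assumed threshold for "stale" signatures
    )
    foreach ($node in $ComputerName) {
        # Every row has the same keys, so CSV/HTML columns stay consistent
        # even when the first node queried is unreachable.
        $row = [ordered]@{
            ComputerName       = $node
            Reachable          = $false
            ServiceEnabled     = $null
            AntivirusEnabled   = $null
            RealTimeProtection = $null
            SignatureVersion   = $null
            SignatureUpdated   = $null
            SignatureAgeDays   = $null
            SignatureStale     = $null
            Error              = $null
        }
        $session = $null
        try {
            $session = New-CimSession -ComputerName $node -ErrorAction Stop
            $mp = Get-MpComputerStatus -CimSession $session -ErrorAction Stop
            $row.Reachable          = $true
            $row.ServiceEnabled     = $mp.AMServiceEnabled
            $row.AntivirusEnabled   = $mp.AntivirusEnabled
            $row.RealTimeProtection = $mp.RealTimeProtectionEnabled
            $row.SignatureVersion   = $mp.AntivirusSignatureVersion
            $row.SignatureUpdated   = $mp.AntivirusSignatureLastUpdated
            $row.SignatureAgeDays   = $mp.AntivirusSignatureAge
            $row.SignatureStale     = $mp.AntivirusSignatureAge -gt $MaxSignatureAgeDays
        }
        catch {
            # Record why the node could not be checked instead of dropping it
            $row.Error = $_.Exception.Message
        }
        finally {
            if ($session) { Remove-CimSession -CimSession $session }
        }
        [pscustomobject]$row
    }
}

# Usage with constructed node names: list only the nodes that need attention
# Get-DefenderStatusSample -ComputerName 'node01','node02' |
#     Where-Object { -not $_.Reachable -or -not $_.RealTimeProtection -or $_.SignatureStale }
```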

Post Disclaimer

The information contained in the posts in this blog site is for general information purposes only. The information in this post "Defender Status Reporting" is provided by "Lee Harrison's Technical Blog" and whilst we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the post for any purpose. Furthermore, it is always recommended that you test any related changes to your environments on non-production systems and always have a robust backup strategy in place.

2 thoughts to “Defender Status Reporting”

  1. Long time supporter, and thought I’d drop a comment.

    Your wordpress site is very sleek – hope you don’t mind me
    asking what theme you’re using? (and don’t mind if I steal it?
    :P)

    I just launched my site –also built in wordpress like yours– but the theme
    slows (!) the site down quite a bit.

    In case you have a minute, you can find it by searching for “royal cbd” on Google (would appreciate any feedback) – it’s still in the works.

    Keep up the good work– and hope you all take care of yourself during the coronavirus scare!

    1. Hi, thanks for the nice comments. I am using the “sparkling Theme by Colorlib” and for sure feel free to use it. I appreciate the ask and I did the same thing when I set up my blog, as I saw this theme on another blog and it just looked the sleekest to me 🙂
      You take care too!
