In this post I am going to explain what I’ve done to report on the status of Microsoft Defender on cluster nodes.
Why?
The reason I spent time on this is that I couldn’t find an easy way to see if (and check that) Defender was running and being updated regularly. I don’t use SCCM or Intune, Azure Security Center doesn’t appear to have these details (and can be expensive), and so PowerShell was the best option for me.
Approach
- Create PowerShell script to get details from servers
- Find visualisation tool to view status details
- Automate running of script and getting details to visualisation tool
PowerShell Script
I needed the script to be able to run remotely, as eventually it would run from a central location and connect to multiple clusters and nodes.
The script uses the ‘Get-MpComputerStatus’ cmdlet, which provides the details for Defender, and connects to servers through its -CimSession parameter. An ordered hash table is created containing all the details needed, and the output can then be shaped as required, e.g. a table in the PowerShell console or CSV and HTML files (my plan is to output to a CSV and ingest that file into a database).
Script can be found here: https://github.com/hciharrison/scripts/blob/master/powershell/Get-DefenderDetails.ps1
To have the script output the details to a CSV or HTML file, you can add the following at the end of the script:
$datetime = (get-date -f yyyy-MM-dd-HHmm)
$Header = @"
<style>
TABLE {border-width: 1px; border-style: solid; border-color: black; border-collapse: collapse;}
TH {border-width: 1px; padding: 3px; border-style: solid; border-color: black; background-color: #6495ED;}
TD {border-width: 1px; padding: 3px; border-style: solid; border-color: black;}
</style>
"@
Get-DefenderDetails | ConvertTo-Html -Head $Header | Out-File -FilePath defender_details_report_$datetime.html -NoClobber
Get-DefenderDetails | Export-Csv -NoTypeInformation defender_details_report_$datetime.csv
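The collection pattern described above (Get-MpComputerStatus over a CIM session, gathered into an ordered hash table), written out as an added example; it is not the author's linked script. The function name Get-DefenderNodeStatus, its parameters and the three-day staleness threshold are assumptions, and it expects the Defender cmdlets on the machine running it and WinRM access to each node.

```powershell
# Added example: function name, parameters and threshold are assumptions.
function Get-DefenderNodeStatus {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [int]$MaxSignatureAgeDays = 3   # assumed; match your update cadence
    )
    foreach ($node in $ComputerName) {
        # Pre-fill every column so unreachable nodes still yield a full row
        # (Export-Csv takes its columns from the first object it receives).
        $row = [ordered]@{
            ComputerName       = $node
            Reachable          = $false
            AMServiceEnabled   = $null
            AntivirusEnabled   = $null
            RealTimeProtection = $null
            EngineVersion      = $null
            SignatureVersion   = $null
            SignatureUpdated   = $null
            SignatureAgeDays   = $null
            SignatureStale     = $null
            LastQuickScan      = $null
            Error              = $null
        }
        $session = $null
        try {
            $session = New-CimSession -ComputerName $node -ErrorAction Stop
            $mp = Get-MpComputerStatus -CimSession $session -ErrorAction Stop
            $row.Reachable          = $true
            $row.AMServiceEnabled   = $mp.AMServiceEnabled
            $row.AntivirusEnabled   = $mp.AntivirusEnabled
            $row.RealTimeProtection = $mp.RealTimeProtectionEnabled
            $row.EngineVersion      = $mp.AMEngineVersion
            $row.SignatureVersion   = $mp.AntivirusSignatureVersion
            $row.SignatureUpdated   = $mp.AntivirusSignatureLastUpdated
            $row.SignatureAgeDays   = $mp.AntivirusSignatureAge
            $row.SignatureStale     = $mp.AntivirusSignatureAge -gt $MaxSignatureAgeDays
            $row.LastQuickScan      = $mp.QuickScanEndTime
        }
        catch {
            # Record the failure instead of dropping the node from the report.
            $row.Error = $_.Exception.Message
        }
        finally { if ($session) { Remove-CimSession -CimSession $session } }
        [pscustomobject]$row
    }
}
# Usage (node names are placeholders):
# Get-DefenderNodeStatus -ComputerName 'node01','node02' | Export-Csv -NoTypeInformation defender_status.csv
```

Rows with Reachable set to False or SignatureStale set to True are the ones to alert on once the CSV is ingested.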
Long time supporter, and thought I’d drop a comment.
Your wordpress site is very sleek – hope you don’t mind me asking what theme you’re using? (and don’t mind if I steal it? :P)
I just launched my site –also built in wordpress like yours– but the theme slows (!) the site down quite a bit.
In case you have a minute, you can find it by searching for “royal cbd” on Google (would appreciate any feedback) – it’s still in the works.
Keep up the good work– and hope you all take care of yourself during the coronavirus scare!
Hi, thanks for the nice comments. I am using the “sparkling Theme by Colorlib” and for sure feel free to use it. I appreciate the ask and I did the same thing when I set up my blog, as I saw this theme on another blog and it just looked the sleekest to me 🙂
You take care too!