FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

monitor windows Defender components status?

Go to solution
McVitas
Participant

‎05 Jun 2023 12:47 PM - edited ‎05 Jun 2023 12:51 PM

Hello, so there has been a situation when some of our servers had disabled Virus & threat protection and App & browser control in Windows Security settings. There should be an event id 1151 logged in Windows security event log, but unfortunately the logs were short so I didn't find it. There are windows commands which can show it:

Get-MpComputerStatus|select IsTamperProtected,RealTimeProtectionEnabled

Get-MpPreference|select PUAProtection

 

I want to be able to see status of those components via Dynatrace and be notified if it changes. Is that possible?

McVitas_0-1685965160167.png

 

 

Labels:
0 Kudos
Reply
1 REPLY 1

Go to solution
radek_jasinski
DynaMight Guru
DynaMight Guru

‎05 Jun 2023 01:28 PM

Hi,

To do this, you can write your own plug-in that will check the firewall status of the system and return information to DT via API. You will then create alert thresholds for a certain value.

Another idea is Grail - if you have a SaaS version of DT, you can connect to the system log and create relevant metrics in DT.

Radek

Have a nice day!
Reply
Ask a question

Featured Posts