Monitor Windows Defender components status?

McVitas
Participant

Hello, so there has been a situation where some of our servers had Virus & threat protection and App & browser control disabled in Windows Security settings. There should be an event ID 1151 logged in the Windows security event log, but unfortunately the logs were short, so I didn't find it. There are Windows commands which can show it:

Get-MpComputerStatus|select IsTamperProtected,RealTimeProtectionEnabled

Get-MpPreference|select PUAProtection

 

I want to be able to see the status of those components via Dynatrace and be notified if it changes. Is that possible?


1 REPLY

radek_jasinski
DynaMight Guru

Hi,

To do this, you can write your own plug-in that will check the firewall status of the system and return information to DT via API. You will then create alert thresholds for a certain value.

Another idea is Grail - if you have a SaaS version of DT, you can connect to the system log and create relevant metrics in DT.

Radek

Have a nice day!
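
One way to implement the plug-in approach suggested in the reply, as an added example that is not part of the original thread and not Dynatrace's own code: a PowerShell script, run on a schedule, that reads the Defender fields from the question and posts them as gauges to the Dynatrace Metrics API v2 ingest endpoint. The environment URL placeholder, the `DT_API_TOKEN` variable and the `custom.defender.*` metric keys are assumptions.

```powershell
# Added example. Assumptions: $DtUrl is a placeholder for your environment,
# DT_API_TOKEN holds an API token with the metrics.ingest scope, and the
# custom.defender.* metric keys are names chosen for this illustration.
$DtUrl   = 'https://YOUR-ENVIRONMENT-ID.example/api/v2/metrics/ingest'
$DtToken = $env:DT_API_TOKEN

try {
    # Same cmdlets and properties as in the question.
    $status = Get-MpComputerStatus -ErrorAction Stop
    $pref   = Get-MpPreference -ErrorAction Stop

    $metrics = [ordered]@{
        'custom.defender.tamper_protected' = [int][bool]$status.IsTamperProtected
        'custom.defender.realtime_enabled' = [int][bool]$status.RealTimeProtectionEnabled
        # PUAProtection is numeric: 0 = disabled, 1 = enabled, 2 = audit mode.
        'custom.defender.pua_protection'   = [int]$pref.PUAProtection
        'custom.defender.query_ok'         = 1
    }
}
catch {
    # If the Defender cmdlets fail (service stopped, module missing), report
    # that explicitly instead of silently sending nothing.
    $metrics = [ordered]@{ 'custom.defender.query_ok' = 0 }
}

# Metrics ingest line protocol: <metric.key>,<dimension>=<value> <number>
$hostDim = $env:COMPUTERNAME.ToLower()
$lines = foreach ($key in $metrics.Keys) {
    "${key},hostname=`"$hostDim`" $($metrics[$key])"
}
$body = $lines -join "`n"

try {
    Invoke-RestMethod -Method Post -Uri $DtUrl -Body $body `
        -ContentType 'text/plain; charset=utf-8' `
        -Headers @{ Authorization = "Api-Token $DtToken" } `
        -ErrorAction Stop | Out-Null
}
catch {
    # Surface ingest failures to the scheduler so a broken check is noticed.
    Write-Error "Dynatrace metric ingest failed: $($_.Exception.Message)"
    exit 1
}
```

An alert on any of the first two gauges dropping to 0, or on `custom.defender.query_ok` dropping to 0 or going missing, covers both a disabled component and a check that has stopped reporting.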
