05 Jun 2023 12:47 PM - edited 05 Jun 2023 12:51 PM
Hello, so there has been a situation when some of our servers had disabled Virus & threat protection and App & browser control in Windows Security settings. There should be an event id 1151 logged in Windows security event log, but unfortunately the logs were short so I didn't find it. There are windows commands which can show it:
Get-MpComputerStatus|select IsTamperProtected,RealTimeProtectionEnabled
Get-MpPreference|select PUAProtection
I want to be able to see status of those components via Dynatrace and be notified if it changes. Is that possible?
Solved! Go to Solution.
05 Jun 2023 01:28 PM
Hi,
To do this, you can write your own plug-in that will check the firewall status of the system and return information to DT via API. You will then create alert thresholds for a certain value.
Another idea is Grail - if you have a SaaS version of DT, you can connect to the system log and create relevant metrics in DT.
Radek