Windows Defender Threats

Description

This plugin checks if there were any threats detected by Windows Defender or System Center Endpoint Protection. If one or more threats are found, the service will enter a critical state and display the number of threats found, the filenames, the usernames, and the date and time when the threats were detected.

You can acknowledge threats using a rule called "Defender acknowledged threats". Simply add some Detection IDs to this rule, and the threats related to these Detection IDs will no longer trigger alarms. The format of a Detection ID looks like 3F7AD35-C2F3-4C81-A7D7-4C67A1D10CC4.

Automatic inventory is supported. Install the agent, and the rest will be done automatically. One service will be called "AV threats Defender" (for Windows Defender) or "AV threats SCEP".


V1.0.1: fixed an issue in the Windows agent plugin with English date/time formats
V1.0.2: fixed an issue with whitespace in the user name

Latest Version

Version: 1.0.2
Packaged at: 02 Feb 2024
Created on Checkmk version: 2.1.0p32
Minimum Checkmk version required: 2.0.0p2
MKP MD5 hash: 920c0c430240e68834aef587ad3aaef6
This version requires Checkmk version 2.0.0 or higher
Agent Based
  • spit_defender_threats.py
Agents
  • windows/plugins/spit_defender_threats.ps1
Check Manuals
  • spit_defender_threats
Libraries
  • check_mk/base/cee/plugins/bakery/spit_defender_threats_agent_bakery.py
GUI Extensions
  • plugins/wato/spit_defender_threats_bakery_rule.py
  • plugins/wato/spit_defender_threats_parameters.py
  • Version: 1.0.1
    Packaged at: 31 Jan 2024
    Created on Checkmk version: 2.1.0p32
    Minimum Checkmk version required: 2.0.0p2
    MKP MD5 hash: 0a01474fe4ecc287e9999e8226342c22
    Description:
    Agent Based
    • spit_defender_threats.py
    Agents
    • windows/plugins/spit_defender_threats.ps1
    Check Manuals
    • spit_defender_threats
    Libraries
    • check_mk/base/cee/plugins/bakery/spit_defender_threats_agent_bakery.py
    GUI Extensions
    • plugins/wato/spit_defender_threats_bakery_rule.py
    • plugins/wato/spit_defender_threats_parameters.py
  • Version: 1.0.0
    Packaged at: 10 Apr 2023
    Created on Checkmk version: 2.1.0p2
    Minimum Checkmk version required: 2.0.0p2
    MKP MD5 hash: 03d0f6923cf6441de6e4f4c2ae835448
    Description:
    Agent Based
    • spit_defender_threats.py
    Agents
    • windows/plugins/spit_defender_threats.ps1
    Check Manuals
    • spit_defender_threats
    Libraries
    • check_mk/base/cee/plugins/bakery/spit_defender_threats_agent_bakery.py
    GUI Extensions
    • plugins/wato/spit_defender_threats_bakery_rule.py
    • plugins/wato/spit_defender_threats_parameters.py
  • rjongen 26-01-2024
    I am very happy with this check!
    I do have some issues when Defender found some issues on a device and now I keep having crash reports for this check on those servers which will not disappear. There is no active threat on the server. I updated our CMK site to p18 recently, maybe there is some incompatibility with the check at this moment?
    I emailed Michael with more details already