Script to test for virus activity and to create ticket

Defender for Automate Software Documentation project.

Post by Cubert

We had someone ask if there was a means to ticket on virus activity.

Here is a script that you can execute on any agent, online or offline (it's only looking at the Automate database and ticketing).

I would set it to once or twice a day. If more than once a day, you may get duplicate viral notices. If no viral activity for the day is seen, no tickets are created. I would take 2 notices over missing a notice at the end of the day because I only ran once per day. I would run at noon and 4 maybe...


Feel free to edit the script and change anything you want or add some more steps. Script imports to scripts\plugins4automate\Windows Defender Virus Ticket Creation and is set to run on offline agents.




Script XML zipped

Windows Defender Virus Ticket Creation.zip

Here is what is created when a virus is detected and cleaned or has a "success" value. If not, then the ticket will remain open and not be closed. An alert on the agent is also issued at that point.
ticketing.png