Compliance Packs (macOS)

The Compliance Packs category encapsulates a suite of tailored solutions aimed at ensuring and reporting on adherence to various security and compliance standards within the macOS environment. This includes, but is not limited to, monitoring and reporting on security configurations, software compliance, and other critical parameters essential for maintaining a robust security posture. Using these compliance packs, organizations can align with industry best practices, regulatory requirements, and internal security policies, thereby fostering a secure and compliant operational framework.

Microsoft Defender Compliance Pack (macOS)

Description

This guide takes FileWave usage one major step further than simply installing an application like Microsoft Defender. In this article you will see how to use Custom Fields, Smart Groups, Filesets, and Grafana to report on the status of your fleet. You can apply these ideas to other software solutions where you need to know whether they are working, and potentially to fix them.

Ingredients

- FileWave Central
- Microsoft Defender Recipe (macOS)
- Defender Custom Fields.customfields
- Defender Update Defs (macOS).fileset.zip
- Defender Run Scan (macOS).fileset.zip

The Problem

You are managing hundreds or thousands of macOS or Windows devices, and need to understand if your environment is secure. Today you have been told to deploy Microsoft Defender and to provide reporting to your CISO demonstrating that you have Anti-Malware protection in place, and that it is operating correctly.

- What kind of installers are used?
- How can the install be performed silently? Fileset Magic needed?
- What is the deadline to have the product deployed?
- Will it replace another product?
- macOS, Windows or both?

Get started with this like any other deployment project:

- Ask the vendor for installation documentation, but FileWave may also post some examples.
- Create a reverse timeline.
- Start small.
- Search the Internet for how others have reported on that product, because FileWave can do anything scriptable.
- Test and Verify: Test. Test. Verify and then test again.
- Deploy to 1 machine, then expand in growing waves so that you can stay ahead of issues.
- Do you have an Early Adopters group of users who give feedback and are forgiving?

Deployment

The macOS side is often complicated by privacy controls, but TCC Profiles can help. These can either grant permission to an app or give a non-Admin user permission to allow what is needed. Screen Recording used by TeamViewer is an example of the latter.

For the Deployment phase see this article on installation: Microsoft Defender Recipe (macOS)

Reporting

Queries/Reports are an easy way to keep track of progress and problems. We've made some Custom Fields for Defender, and we can leverage them to show who is missing Defender. FileWave also has installed application reporting, but depending on your needs and how that application reports itself you can consider either method.

To use the custom fields, download Defender Custom Fields.customfields and add them to your server. Do this in FileWave Central -> Assistants -> Custom Fields -> Edit Custom Field Definitions. There, click Import and pick the file you downloaded. This file has fields that will work for both macOS and Windows.

Once added, you'll want to enable them for a couple of devices at first. To do that, go to FileWave Central -> Clients, right click on a device and pick Edit Custom Field Associations. There you can check the boxes to enable these new fields. When you are happy with these Custom Fields, go back to Edit Custom Field Definitions and pick "Assigned to all Devices" for each of the fields. Custom Fields based on scripts always need to be tested.

Now that you have your Custom Fields in place you should have some results. You can see them by going to Clients -> Customize Columns in the Toolbar, and then adding a couple of the custom fields to see their values. You could also double click on any device in Clients that has the field active and see the values on the Device Details tab.

Let's move on to making a Query in Central. Click the New Query button in the Toolbar. Ignore the copies of the field below with a "2" as this is my lab. Notice that I used "Defender Healthy" as a Custom Field to test if Defender is healthy. I want to make sure that the field is populated, so I check that it's not null, and I want to find unhealthy devices, so I'm going to look for devices where it is false.

To find devices missing Defender, notice that the App Version Custom Field can be used. If it is null (empty) then there is no Defender installed.

Remediation

Remediation is of course fixing the elements that may be broken. A lot of the time we can't predict what may break, but we can make some guesses and, more importantly, learn from our production experiences (defs not updating, services stopping, malware detected, etc.). Application of remediation is likely to be a combination of smart groups, filesets, and sometimes just plain vanilla reports.

Dashboards

There are three parts to creating a dashboard: creating reports (inventory queries) to show data, getting that data to the dashboard (Prometheus scrape), and then displaying the data in the way you want (Grafana).

yml_dashboard_files.zip

Process:

- Bring in one YML file at a time and update it to match the proper report by ID and fields. Reference: Using Prometheus YML Scrape Files
- Create the dashboard: copy and paste the JSON into a new dashboard (Dashboards -> New -> New Dashboard). If there is a naming conflict or UID conflict, it will give you the opportunity to resolve it.

Dashboard JSON { "annotations": { "list": [ { "builtIn": 1, "datasource": { "type": "grafana", "uid": "-- Grafana --" }, "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, 1)", "name": "Annotations & Alerts", "type": "dashboard" } ] }, "editable": true, "fiscalYearStartMonth": 0, "graphTooltip": 0, "id": 19, "links": [], "liveNow": false, "panels": [ { "collapsed": false, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 0 }, "id": 7, "panels": [], "title": "Overall Status", "type": "row" }, { "datasource": { "type": "prometheus", "uid": "filewave_prometheus" }, "description": "", "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "hideFrom": { "legend": false, "tooltip": false, "viz": false } }, "mappings": [], "unitScale": true }, "overrides": [ { "matcher": { "id": "byName", "options": "{__name__=\"filewave_inventory_query_55\", genericclient_ptr__operating_system__type=\"OSX\", instance=\"localhost:20443\", job=\"extra-config-https\", query_name=\"overall_os_breakdown\"}" }, "properties": [ { "id": "displayName", "value": "macOS" }, { "id": "color", "value": { "fixedColor": "blue", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "{__name__=\"filewave_inventory_query_55\", genericclient_ptr__operating_system__type=\"WIN\", instance=\"localhost:20443\", job=\"extra-config-https\", query_name=\"overall_os_breakdown\"}" }, "properties": [ { "id": "displayName", "value": "Windows" }, { "id": "color", "value": { "fixedColor": "light-purple", "mode": "fixed" } } ] } ] }, "gridPos": { "h": 10, "w": 5, "x": 0, "y": 1 }, "id": 10, "links": [ { "targetBlank": true, "title": "", "url": "https://support2.filewave.net/filewave/reports/55/overview/" } ], "options": { "legend": { "displayMode": "list", "placement": "bottom", "showLegend": true }, "pieType": "pie", "reduceOptions": { "calcs": [ "lastNotNull" ], "fields": "", "values": false }, "tooltip": { "mode": "single", "sort": "none" } }, "targets": [ { "datasource": { 
"type": "prometheus", "uid": "filewave_prometheus" }, "editorMode": "builder", "exemplar": false, "expr": "filewave_inventory_query_55", "instant": true, "legendFormat": "{{defender_healthy_fwcomp_pack}}", "range": false, "refId": "A" } ], "title": "Overall Desktop Device Breakdown", "type": "piechart" }, { "datasource": { "type": "prometheus", "uid": "filewave_prometheus" }, "description": "", "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "hideFrom": { "legend": false, "tooltip": false, "viz": false } }, "mappings": [], "unitScale": true }, "overrides": [ { "matcher": { "id": "byName", "options": "{__name__=\"filewave_inventory_query_56\", genericclient_ptr__operating_system__type=\"OSX\", instance=\"localhost:20443\", job=\"extra-config-https\", query_name=\"devices_without_defender\"}" }, "properties": [ { "id": "displayName", "value": "macOS" } ] }, { "matcher": { "id": "byName", "options": "{__name__=\"filewave_inventory_query_56\", genericclient_ptr__operating_system__type=\"WIN\", instance=\"localhost:20443\", job=\"extra-config-https\", query_name=\"devices_without_defender\"}" }, "properties": [ { "id": "displayName", "value": "Windows" } ] } ] }, "gridPos": { "h": 10, "w": 5, "x": 5, "y": 1 }, "id": 11, "links": [ { "targetBlank": true, "title": "", "url": "https://support2.filewave.net/filewave/reports/56/overview/" } ], "options": { "legend": { "displayMode": "list", "placement": "bottom", "showLegend": true }, "pieType": "pie", "reduceOptions": { "calcs": [ "lastNotNull" ], "fields": "", "values": false }, "tooltip": { "mode": "single", "sort": "none" } }, "targets": [ { "datasource": { "type": "prometheus", "uid": "filewave_prometheus" }, "editorMode": "builder", "exemplar": false, "expr": "filewave_inventory_query_56", "instant": true, "legendFormat": "{{defender_healthy_fwcomp_pack}}", "range": false, "refId": "A" } ], "title": "Devices without Defender", "type": "piechart" }, { "datasource": { "type": 
"prometheus", "uid": "filewave_prometheus" }, "description": "Relative health of Microsoft Defender", "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "hideFrom": { "legend": false, "tooltip": false, "viz": false } }, "mappings": [], "unitScale": true }, "overrides": [ { "matcher": { "id": "byName", "options": "True" }, "properties": [ { "id": "color", "value": { "fixedColor": "green", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "False" }, "properties": [ { "id": "color", "value": { "fixedColor": "semi-dark-red", "mode": "fixed" } } ] } ] }, "gridPos": { "h": 10, "w": 5, "x": 10, "y": 1 }, "id": 1, "links": [ { "targetBlank": true, "title": "", "url": "https://support2.filewave.net/filewave/reports/49/overview/" } ], "options": { "legend": { "displayMode": "list", "placement": "bottom", "showLegend": true }, "pieType": "pie", "reduceOptions": { "calcs": [ "lastNotNull" ], "fields": "", "values": false }, "tooltip": { "mode": "single", "sort": "none" } }, "targets": [ { "datasource": { "type": "prometheus", "uid": "filewave_prometheus" }, "editorMode": "builder", "exemplar": false, "expr": "filewave_inventory_query_49{defender_healthy_fwcomp_pack=\"True\"}", "instant": true, "legendFormat": "{{defender_healthy_fwcomp_pack}}", "range": false, "refId": "A" }, { "datasource": { "type": "prometheus", "uid": "filewave_prometheus" }, "editorMode": "builder", "expr": "filewave_inventory_query_49{defender_healthy_fwcomp_pack=\"False\"}", "hide": false, "legendFormat": "{{defender_healthy_fwcomp_pack}}", "range": true, "refId": "B" } ], "title": "Defender Healthy?", "type": "piechart" }, { "datasource": { "type": "prometheus", "uid": "filewave_prometheus" }, "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "custom": { "align": "auto", "cellOptions": { "type": "auto" }, "filterable": false, "inspect": false }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": 
null }, { "color": "red", "value": 80 } ] }, "unitScale": true }, "overrides": [ { "matcher": { "id": "byName", "options": "__name__" }, "properties": [ { "id": "custom.width", "value": 290 }, { "id": "custom.hidden", "value": true } ] }, { "matcher": { "id": "byName", "options": "Time" }, "properties": [ { "id": "custom.hidden", "value": true } ] }, { "matcher": { "id": "byName", "options": "instance" }, "properties": [ { "id": "custom.hidden", "value": true } ] }, { "matcher": { "id": "byName", "options": "query_name" }, "properties": [ { "id": "custom.hidden", "value": true } ] }, { "matcher": { "id": "byName", "options": "Value" }, "properties": [ { "id": "custom.hidden", "value": true } ] }, { "matcher": { "id": "byName", "options": "job" }, "properties": [ { "id": "custom.hidden", "value": true } ] } ] }, "gridPos": { "h": 10, "w": 4, "x": 15, "y": 1 }, "id": 2, "links": [ { "targetBlank": true, "title": "", "url": "https://support2.filewave.net/filewave/reports/50/overview/" } ], "options": { "cellHeight": "sm", "footer": { "countRows": false, "fields": "", "reducer": [ "sum" ], "show": false }, "showHeader": true, "sortBy": [ { "desc": false, "displayName": "device_name" } ] }, "pluginVersion": "10.3.1", "targets": [ { "datasource": { "type": "prometheus", "uid": "filewave_prometheus" }, "editorMode": "builder", "exemplar": false, "expr": "filewave_inventory_query_50", "format": "table", "instant": true, "legendFormat": "{{device_name}}", "range": false, "refId": "A" } ], "title": "Unhealthy Defender Clients", "transformations": [], "type": "table" }, { "collapsed": false, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 11 }, "id": 12, "panels": [], "title": "Threat Detection and Issues", "type": "row" }, { "datasource": { "type": "prometheus", "uid": "filewave_prometheus" }, "description": "", "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "custom": { "align": "auto", "cellOptions": { "type": "auto" }, "inspect": false }, "mappings": [], 
"thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] }, "unitScale": true }, "overrides": [ { "matcher": { "id": "byName", "options": "Time" }, "properties": [ { "id": "custom.hidden", "value": true } ] }, { "matcher": { "id": "byName", "options": "Value" }, "properties": [ { "id": "custom.hidden", "value": true } ] }, { "matcher": { "id": "byName", "options": "query_name" }, "properties": [ { "id": "custom.hidden", "value": true } ] }, { "matcher": { "id": "byName", "options": "job" }, "properties": [ { "id": "custom.hidden", "value": true } ] }, { "matcher": { "id": "byName", "options": "device_name" }, "properties": [ { "id": "custom.hidden", "value": true } ] }, { "matcher": { "id": "byName", "options": "__name__" }, "properties": [ { "id": "custom.hidden", "value": true } ] }, { "matcher": { "id": "byName", "options": "instance" }, "properties": [ { "id": "custom.hidden", "value": true } ] }, { "matcher": { "id": "byName", "options": "defender_threats_detected_fwcomp_pack" }, "properties": [ { "id": "displayName", "value": "Threat Detected" } ] } ] }, "gridPos": { "h": 9, "w": 19, "x": 0, "y": 12 }, "id": 13, "links": [ { "targetBlank": true, "title": "Show Details", "url": "https://support2.filewave.net/filewave/reports/57/overview/" } ], "options": { "cellHeight": "sm", "footer": { "countRows": false, "fields": "", "reducer": [ "sum" ], "show": false }, "showHeader": true }, "pluginVersion": "10.3.1", "targets": [ { "datasource": { "type": "prometheus", "uid": "filewave_prometheus" }, "editorMode": "builder", "exemplar": false, "expr": "filewave_inventory_query_57", "format": "table", "instant": true, "legendFormat": "{{label_name}}", "range": false, "refId": "A" } ], "title": "Detected Threats", "type": "table" }, { "collapsed": false, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 21 }, "id": 6, "panels": [], "title": "Windows", "type": "row" }, { "datasource": { "type": "prometheus", "uid": 
"filewave_prometheus" }, "description": "", "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "fillOpacity": 80, "gradientMode": "none", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "lineWidth": 1, "scaleDistribution": { "type": "linear" }, "thresholdsStyle": { "mode": "off" } }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] }, "unitScale": true }, "overrides": [] }, "gridPos": { "h": 10, "w": 8, "x": 0, "y": 22 }, "id": 4, "links": [ { "targetBlank": true, "title": "", "url": "https://support2.filewave.net/filewave/reports/52/overview/" } ], "options": { "barRadius": 0, "barWidth": 0.97, "fullHighlight": false, "groupWidth": 0.7, "legend": { "calcs": [], "displayMode": "list", "placement": "bottom", "showLegend": false }, "orientation": "auto", "showValue": "auto", "stacking": "none", "tooltip": { "mode": "single", "sort": "none" }, "xTickLabelRotation": 0, "xTickLabelSpacing": 0 }, "targets": [ { "datasource": { "type": "prometheus", "uid": "filewave_prometheus" }, "editorMode": "builder", "exemplar": false, "expr": "filewave_inventory_query_52", "instant": true, "legendFormat": "{{defender_defs_version_fwcomp_pack}}", "range": false, "refId": "A" } ], "title": "Virus Defs Versions Windows", "type": "barchart" }, { "datasource": { "type": "prometheus", "uid": "filewave_prometheus" }, "description": "", "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "fillOpacity": 80, "gradientMode": "none", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "lineWidth": 1, "scaleDistribution": { "type": "linear" }, "thresholdsStyle": { "mode": "off" } }, 
"mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] }, "unitScale": true }, "overrides": [] }, "gridPos": { "h": 10, "w": 9, "x": 8, "y": 22 }, "id": 9, "links": [ { "targetBlank": true, "title": "", "url": "https://support2.filewave.net/filewave/reports/54/overview/" } ], "options": { "barRadius": 0, "barWidth": 0.97, "fullHighlight": false, "groupWidth": 0.7, "legend": { "calcs": [], "displayMode": "list", "placement": "bottom", "showLegend": false }, "orientation": "auto", "showValue": "auto", "stacking": "none", "tooltip": { "mode": "single", "sort": "none" }, "xTickLabelRotation": 0, "xTickLabelSpacing": 0 }, "targets": [ { "datasource": { "type": "prometheus", "uid": "filewave_prometheus" }, "editorMode": "builder", "exemplar": false, "expr": "filewave_inventory_query_54", "instant": true, "legendFormat": "{{defender_app_version_fwcomp_pack}}", "range": false, "refId": "A" } ], "title": "Defender Version Windows", "type": "barchart" }, { "collapsed": false, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 32 }, "id": 5, "panels": [], "title": "macOS", "type": "row" }, { "datasource": { "type": "prometheus", "uid": "filewave_prometheus" }, "description": "", "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "fillOpacity": 80, "gradientMode": "none", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "lineWidth": 1, "scaleDistribution": { "type": "linear" }, "thresholdsStyle": { "mode": "off" } }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] }, "unitScale": true }, "overrides": [] }, "gridPos": { "h": 10, "w": 8, "x": 0, "y": 33 }, "id": 3, "links": [ { "targetBlank": true, "title": "", "url": 
"https://support2.filewave.net/filewave/reports/51/overview/" } ], "options": { "barRadius": 0, "barWidth": 0.97, "fullHighlight": false, "groupWidth": 0.7, "legend": { "calcs": [], "displayMode": "list", "placement": "bottom", "showLegend": false }, "orientation": "auto", "showValue": "auto", "stacking": "none", "tooltip": { "mode": "single", "sort": "none" }, "xTickLabelRotation": 0, "xTickLabelSpacing": 0 }, "targets": [ { "datasource": { "type": "prometheus", "uid": "filewave_prometheus" }, "editorMode": "builder", "exemplar": false, "expr": "filewave_inventory_query_51", "instant": true, "legendFormat": "{{defender_defs_version_fwcomp_pack}}", "range": false, "refId": "A" } ], "title": "Virus Defs Versions macOS", "type": "barchart" }, { "datasource": { "type": "prometheus", "uid": "filewave_prometheus" }, "description": "", "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "fillOpacity": 80, "gradientMode": "none", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "lineWidth": 1, "scaleDistribution": { "type": "linear" }, "thresholdsStyle": { "mode": "off" } }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null }, { "color": "red", "value": 80 } ] }, "unitScale": true }, "overrides": [] }, "gridPos": { "h": 10, "w": 9, "x": 8, "y": 33 }, "id": 8, "links": [ { "targetBlank": true, "title": "", "url": "https://support2.filewave.net/filewave/reports/53/overview/" } ], "options": { "barRadius": 0, "barWidth": 0.97, "fullHighlight": false, "groupWidth": 0.7, "legend": { "calcs": [], "displayMode": "list", "placement": "bottom", "showLegend": false }, "orientation": "auto", "showValue": "auto", "stacking": "none", "tooltip": { "mode": "single", "sort": "none" }, "xTickLabelRotation": 0, "xTickLabelSpacing": 0 }, "targets": [ { "datasource": { "type": 
"prometheus", "uid": "filewave_prometheus" }, "editorMode": "builder", "exemplar": false, "expr": "filewave_inventory_query_53", "instant": true, "legendFormat": "{{defender_app_version_fwcomp_pack}}", "range": false, "refId": "A" } ], "title": "Defender Version macOS", "type": "barchart" } ], "refresh": "", "schemaVersion": 39, "tags": [], "templating": { "list": [] }, "time": { "from": "now-6h", "to": "now" }, "timepicker": {}, "timezone": "", "title": "Defender Dashboard", "uid": "c26006b5-0295-4ec0-9b54-3efd3d714a9f", "version": 1, "weekStart": "" }

And now, we have to fix the data sources.

Related Content

- Microsoft Defender Recipe (macOS)
- Microsoft Defender Recipe (Win)
- Microsoft Defender Compliance Pack (Win)
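
The dashboard JSON hard-codes the author's Prometheus data source UID (filewave_prometheus), report IDs (filewave_inventory_query_49 through 57) and report links on support2.filewave.net, all of which have to match your own server before the panels show data. The Python script below is an added example, not part of the original article or of FileWave's tooling; the function name, the old-to-new report ID mapping, the data source UID and the server URL are assumptions to replace with your own values.

```python
import json
import re

# Metric names as used in the dashboard JSON, e.g. filewave_inventory_query_55
METRIC_RE = re.compile(r"\bfilewave_inventory_query_(\d+)\b")
# Report links, e.g. https://<server>/filewave/reports/55/overview/
REPORT_URL_RE = re.compile(r"^https?://[^/]+(/filewave/reports/)(\d+)(/.*)?$")


def retarget_dashboard(dashboard, datasource_uid, report_ids, server_url):
    """Return (copy of dashboard pointed at your server, report IDs left unmapped)."""
    unmapped = set()

    def new_id(old):
        if old not in report_ids:
            unmapped.add(old)  # this report still has to be created or mapped
            return old
        return report_ids[old]

    def fix_string(key, value):
        link = REPORT_URL_RE.match(value) if key == "url" else None
        if link:
            prefix, old, rest = link.group(1), int(link.group(2)), link.group(3) or ""
            return f"{server_url.rstrip('/')}{prefix}{new_id(old)}{rest}"
        # Single regex pass: a 55->49 and 49->12 mapping cannot chain into 55->12.
        return METRIC_RE.sub(
            lambda m: f"filewave_inventory_query_{new_id(int(m.group(1)))}", value)

    def walk(node, key=None):
        if isinstance(node, dict):
            out = {k: walk(v, k) for k, v in node.items()}
            # Only Prometheus data source references; the built-in "grafana" one stays.
            if out.get("type") == "prometheus" and "uid" in out:
                out["uid"] = datasource_uid
            return out
        if isinstance(node, list):
            return [walk(v, key) for v in node]
        return fix_string(key, node) if isinstance(node, str) else node

    return walk(dashboard), sorted(unmapped)


# Constructed sample: a trimmed dashboard in the same shape as the page's JSON.
SAMPLE = json.loads(r'''
{"annotations": {"list": [{"datasource": {"type": "grafana", "uid": "-- Grafana --"}}]},
 "panels": [
  {"datasource": {"type": "prometheus", "uid": "filewave_prometheus"},
   "fieldConfig": {"overrides": [{"matcher": {"id": "byName",
     "options": "{__name__=\"filewave_inventory_query_55\", query_name=\"overall_os_breakdown\"}"}}]},
   "links": [{"url": "https://support2.filewave.net/filewave/reports/55/overview/"}],
   "targets": [{"datasource": {"type": "prometheus", "uid": "filewave_prometheus"},
                "expr": "filewave_inventory_query_55"}],
   "type": "piechart"},
  {"datasource": {"type": "prometheus", "uid": "filewave_prometheus"},
   "targets": [{"expr": "filewave_inventory_query_49{defender_healthy_fwcomp_pack=\"False\"}"},
               {"expr": "filewave_inventory_query_50"}],
   "type": "piechart"}],
 "title": "Defender Dashboard"}
''')

if __name__ == "__main__":
    # Assumed values: your Prometheus data source UID, old->new report IDs, your server URL.
    fixed, missing = retarget_dashboard(
        SAMPLE, "my_prometheus_uid", {55: 49, 49: 12}, "https://filewave.example.com")
    print(json.dumps(fixed, indent=2))
    print("report IDs with no mapping:", missing)
```

Any ID returned in the unmapped list still points at the author's report number, so a panel built on it will be empty or show the wrong report until that inventory query exists on your server and is added to the mapping.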