# Compliance Packs Compliance Packs are for meeting security and regulatory requirements. They include things like deploying and reporting on the status of Microsoft Defender. They are meant to be used at any time to add to enhancing your security posture. # MSFT Defender Reporting - Content Pack ## Description **About Content Packs:** FileWave is immensely powerful, but can be daunting when it comes to stitching the various components together. Content packs are meant to give you a leg-up in creating distributable content and are also a great way to learn by example! Each content pack is meant to be a "whole solution", putting together all of the pieces of FileWave to accomplish a goal. **About This Content Pack:** This FileWave Content Pack focuses on **reporting** on Microsoft Defender Compliance, and gives you some really great custom field data and a dashboard built on the very same to show Defender is behaving in your environment. The purpose of this pack is provide the information you need to proactively manage your environment and is comprised of all of the contents listed below: ## What You Get in this Content Pack This content pack provides: #### Custom Fields: "Custom Fields" are a terrific way to extend the "inventory attributes" of your devices. In this content pack we have included: - - - - **Defender App Version:** Reads the version of the Defender App installed on the device (macOS/Windows) - **Defender Defs Version:** Reads the version of the Defender Definitions installed on the device (macOS/Windows) - **Defender Defs Date:** Reads the date of the Defender Defs installed on the device (macOS/Windows) - **Defender Engine Version:** Reads the version of the Defender Engine installed on the device (macOS/Windows) - **Defender Health:** At a high level indicates whether Defender is "healthy" on this device (macOS/Windows) - **Defender Threats Detected:** Reads the threats log on the device (macOS/Windows) - **Defender Detailed Status:** Gives verbose status on the Defender client (macOS/Windows)
Note that the following report and dashboard are based upon the above custom fields. Those custom fields will only populate when the clients report in, so initially your report and dashboard will be empty, but will soon populate.
#### Reports (aka Inventory Queries): Reports are a great way of measuring the effectiveness of distributing content, and can be used for all sorts of compliance purposes as well. ***Trust, but verify*** is what reports are all about. In this pack we have included the following reports: - - - **MSFT Defender Information:** A report including data from the custom fields listed above for every Mac and Windows device. (*You may want to further edit this report to only look at "Last Connected" for a certain time range to make sure you are only reporting compliance on "active" devices.*) #### Dashboards: Dashboards build upon reports and are an incredibly powerful tool for showing aggregated data in charts and graphs. This pack provides the following dashboard: - - - **Defender Dashboard:** A collection of compliance charts that give you summary and detail information on Defender health, threat status, and overall compliance to your security standards. ## Ingredients - FileWave Central Admin & Credentials - Base64 API Token - Content Pack: (Only one of the following is needed, based on your admin device's OS platform)**Windows Content Pack** | [Windows Content Pack Download](https://kb.filewave.com/attachments/341 "Download Pack") |
**macOS Content Pack (ARM based)** | On macOS, we need to use curl to download so that Gatekeeper doesn't quarantine the import application. You can copy and paste the following into Terminal.app...the example provided downloads import\_pack.zip to the desktop ```bash curl -o ~/Desktop/import_pack.zip https://kb.filewave.com/attachments/342 ``` |
**macOS Content Pack (Intel based)** | On macOS, we need to use curl to download so that Gatekeeper doesn't quarantine the import application. You can copy and paste the following into Terminal.app...the example provided downloads import\_pack.zip to the desktop ```bash curl -o ~/Desktop/import_pack.zip https://kb.filewave.com/attachments/343 ``` |