# Compliance Packs

Compliance Packs are for meeting security and regulatory requirements. They include things like deploying and reporting on the status of Microsoft Defender. They are meant to be used at any time to add to enhancing your security posture.

# MSFT Defender Reporting - Content Pack

## Description

**About Content Packs:** FileWave is immensely powerful, but can be daunting when it comes to stitching the various components together. Content packs are meant to give you a leg-up in creating distributable content and are also a great way to learn by example! Each content pack is meant to be a "whole solution", putting together all of the pieces of FileWave to accomplish a goal.

**About This Content Pack:** This FileWave Content Pack focuses on **reporting** on Microsoft Defender Compliance, and gives you some really great custom field data and a dashboard built on the very same to show Defender is behaving in your environment. The purpose of this pack is provide the information you need to proactively manage your environment and is comprised of all of the contents listed below:

## What You Get in this Content Pack

This content pack provides:

#### Custom Fields:

"Custom Fields" are a terrific way to extend the "inventory attributes" of your devices. In this content pack we have included:

- - - - **Defender App Version:** Reads the version of the Defender App installed on the device (macOS/Windows)
            - **Defender Defs Version:** Reads the version of the Defender Definitions installed on the device (macOS/Windows)
            - **Defender Defs Date:** Reads the date of the Defender Defs installed on the device (macOS/Windows)
            - **Defender Engine Version:** Reads the version of the Defender Engine installed on the device (macOS/Windows)
            - **Defender Health:** At a high level indicates whether Defender is "healthy" on this device (macOS/Windows)
            - **Defender Threats Detected:** Reads the threats log on the device (macOS/Windows)
            - **Defender Detailed Status:** Gives verbose status on the Defender client (macOS/Windows)

<p class="callout info">Note that the following report and dashboard are based upon the above custom fields. Those custom fields will only populate when the clients report in, so initially your report and dashboard will be empty, but will soon populate.</p>

#### Reports (aka Inventory Queries):

Reports are a great way of measuring the effectiveness of distributing content, and can be used for all sorts of compliance purposes as well. ***Trust, but verify*** is what reports are all about. In this pack we have included the following reports:

- - - **MSFT Defender Information:** A report including data from the custom fields listed above for every Mac and Windows device. (*You may want to further edit this report to only look at "Last Connected" for a certain time range to make sure you are only reporting compliance on "active" devices.*)

#### Dashboards:

Dashboards build upon reports and are an incredibly powerful tool for showing aggregated data in charts and graphs. This pack provides the following dashboard:

- - - **Defender Dashboard:** A collection of compliance charts that give you summary and detail information on Defender health, threat status, and overall compliance to your security standards.

## Ingredients

- FileWave Central Admin &amp; Credentials
- Base64 API Token
- Content Pack:

(Only one of the following is needed, based on your admin device's OS platform)

<table border="1" id="bkmrk-macos" style="border-collapse: collapse; width: 110.833%; height: 418.743px;"><colgroup><col style="width: 29.3168%;"></col><col style="width: 70.6832%;"></col></colgroup><tbody><tr style="height: 63.25px;"><td class="align-left" style="height: 63.25px;">**Windows Content Pack**</td><td class="align-center" style="height: 63.25px;">[Windows Content Pack Download](https://kb.filewave.com/attachments/341 "Download Pack")</td></tr><tr style="height: 181.352px;"><td style="height: 181.352px;">**macOS Content Pack (ARM based)**

</td><td style="height: 181.352px;"><p class="callout info">On macOS, we need to use curl to download so that Gatekeeper doesn't quarantine the import application. You can copy and paste the following into Terminal.app...the example provided downloads import\_pack.zip to the desktop</p>

```bash
curl -o ~/Desktop/import_pack.zip https://kb.filewave.com/attachments/342
```

</td></tr><tr style="height: 174.141px;"><td style="height: 174.141px;">**macOS Content Pack (Intel based)**

</td><td style="height: 174.141px;"><p class="callout info">On macOS, we need to use curl to download so that Gatekeeper doesn't quarantine the import application. You can copy and paste the following into Terminal.app...the example provided downloads import\_pack.zip to the desktop</p>

```bash
curl -o ~/Desktop/import_pack.zip https://kb.filewave.com/attachments/343
```

</td></tr></tbody></table>

## Directions

1. Download the appropriate content pack above (based on your admin device's platform) and unzip it
2. Run the user\_interface tool in the user\_interface folder, using appropriate credentials for your environment (check out our overview article on importing content packs [here](https://kb.filewave.com/books/content-packs/page/how-to-import-a-content-pack "How to Import a Content Pack"))
3. Once completed, verify the new content in your system (and [import the dashboard](https://kb.filewave.com/books/dashboard-grafana/page/importing-a-grafana-dashboard "Importing a Grafana Dashboard"))

## Sample Screenshots

[![image.png](https://kb.filewave.com/uploads/images/gallery/2024-05/scaled-1680-/gHhAS5tQ2uclbTHm-image.png)](https://kb.filewave.com/uploads/images/gallery/2024-05/gHhAS5tQ2uclbTHm-image.png)

## Notes

Note that you can freely edit any of the content in this content pack. We do recommend reviewing each of the types of content as provided first though so that you can get a feel for how things "fit together" before modification.

## Related Content

- [How to Import a Content Pack](https://kb.filewave.com/books/content-packs/page/how-to-import-a-content-pack "How to Import a Content Pack")
- [Getting an API Token](https://kb.filewave.com/books/application-programming-interface-api/page/working-with-apis)
- [Importing a Grafana Dashboard](https://kb.filewave.com/books/dashboard-grafana/page/importing-a-grafana-dashboard "Importing a Grafana Dashboard")
- [Content Packs](https://kb.filewave.com/books/content-packs "Content Packs")
- More Info on how to use: 
    - [Custom Fields](https://kb.filewave.com/books/evaluation-guide/page/custom-fields "Custom Fields")
    - [Client Group Structure](https://kb.filewave.com/books/evaluation-guide/page/client-group-structure "Client Group Structure")
    - [Inventory Reports](https://kb.filewave.com/books/evaluation-guide/page/inventory-reports "Inventory Reports")
    - [Custom Dashboards](https://kb.filewave.com/books/dashboard-grafana/chapter/20-custom-dashboards-for-beginners "Custom Dashboards")