Skip to main content

MSFT Defender Reporting - Content Pack

Description

About Content Packs: FileWave is immensely powerful, but can be daunting when it comes to stitching the various components together.  Content packs are meant to give you a leg-up in creating distributable content and are also a great way to learn by example!  Each content pack is meant to be a "whole solution", putting together all of the pieces of FileWave to accomplish a goal.

About This Content Pack: This FileWave Content Pack focuses on reporting insteadon ofMicrosoft distributableDefender content,Compliance, and gives you some really great reportingcustom field data and a dashboard built on standardthe inventoryvery datasame to show overallDefender FileWaveis systembehaving andin environmentyour status.environment. The purpose of this pack is provide the information you need to proactively manage your environment and is comprised of all of the contents listed below:

What You Get in this Content Pack

This content pack provides:

Reports (aka Inventory Queries):

Reports are a great way of measuring the effectiveness of distributing content, and can be used for all sorts of compliance purposes as well.  Trust, but verify is what reports are all about.  In this pack we have included the following  reports:

      • ActiveMSFT Clients:Defender Information: ListA ofreport allincluding devicesdata that have checked in withinfrom the pastcustom 30fields days
        • listed
      • Android Devices: List of all Android devices enrolled
      • Chrome Browsers: Software inventory report on Chrome browser versions installed
      • ChromeOS Devices: List of all Chromebook devices enrolled
      • Fileset Report Last 7 Days: A list of all fileset content deployed within the last 7 days
      • Fileset Types: A summary report on all Filesets
      • FileWave Client Versions: Reports on the versions of the FileWave clientbelow for macOSevery Mac and Windows devices
        • device.
      • Firefox(You Versions:may Softwarewant inventoryto further edit this report onto Firefoxonly browserlook versionsat installed
        • "Last
      • iOSConnected" &for tvOSa Devices:certain Listtime ofrange allto iOS/iPadOS/tvOSmake devicessure enrolled
        • you
      • macOSare Devices:only Listreporting of all macOS devices enrolled
      • Missing iOS Patches: A list of all missing iOS patches by device
      • Missing macOS Patches: A list of missing patchescompliance on macOS"active" devices
      • Missing Windows PatchesA list of missing patches on Windows devices
      • Upstream Host: This report shows what booster/server the clients are reporting into
      • VPP Licenses Low: Shows all VPP licenses that are below 10 available licenses
      • Windows Devices: List of all Windows devices enrolleddevices.)

Dashboards:

Dashboards build upon reports and are an incredibly powerful tool for showing aggregated data in charts and graphs.  This pack provides the following dashboard:

      • FileWave OverviewDefender Dashboard: A great collection of out of-the-boxcompliance charts and inventory meant tothat give you ansummary eagle-eyeand viewdetail ofinformation howon thingsDefender arehealth, goingthreat instatus, and overall compliance to your environment.security standards.

Ingredients

  • FileWave Central Admin & Credentials

  • Base64 API Token
  • Content Pack:

(Only one of the following is needed, based on your admin device's OS platform)

Windows Content Pack Windows Content Pack Download

macOS Content Pack (ARM based)

On macOS, we need to use curl to download so that Gatekeeper doesn't quarantine the import application.  You can copy and paste the following into Terminal.app...the example provided downloads import_pack.zip to the desktop

 

curl -o ~/Desktop/import_pack.zip https://kb.filewave.com/attachments/326

macOS Content Pack (Intel based)

On macOS, we need to use curl to download so that Gatekeeper doesn't quarantine the import application.  You can copy and paste the following into Terminal.app...the example provided downloads import_pack.zip to the desktop

 

curl -o ~/Desktop/import_pack.zip https://kb.filewave.com/attachments/327

Directions

  1. Download the appropriate content pack above  (based on your admin device's platform) and unzip it

  2. Run the user_interface tool in the user_interface folder, using appropriate credentials for your environment (check out our overview article on importing content packs here)
  3. Once completed, verify the new content in your system (and import the dashboard)

Sample Screenshots

image.pngimage.png

Notes

Note that you can freely edit any of the content in this content pack.  We do recommend reviewing each of the types of content as provided first though so that you can get a feel for how things "fit together" before modification.

Related Content

Back to top