Microsoft Defender - Enrich Devices with MDE Client Analyzer Results
- Updated on 04 Dec 2024
Microsoft Defender - Enrich Devices with MDE Client Analyzer Results enriches devices with MDE Client Analyzer data for:
- Assets returned by the selected query or assets selected on the relevant asset page.
This action connects to the target device over a WinRM/WSMAN connection and downloads the HTM(L) file using PowerShell. It then parses the HTM(L) file and uses the extracted data to enrich the device.
The PowerShell script used by this action is as follows:
Get-Content -Path "path\to\file.zip"
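As an added illustration that is not the action's own script, the following PowerShell walks the flow described above: open a WinRM session on one of the ports listed under Required Ports, read the results file (.htm/.html, or a .zip that contains it) on the target, and reduce the HTML table rows to check/result pairs. The parameter names, the temporary extraction folder and the table layout of the analyzer's HTML are assumptions.

```powershell
# Added example, not Axonius code. Assumes WinRM on 5985 (HTTP) or 5986 (HTTPS)
# and that the MDE Client Analyzer results are an .htm/.html file or a .zip of it.
param(
    [Parameter(Mandatory)][string]$ComputerName,
    [Parameter(Mandatory)][pscredential]$Credential,
    [Parameter(Mandatory)][string]$FilePath,   # remote path to .htm/.html or .zip
    [switch]$UseSSL                            # use 5986 (HTTPS) instead of 5985
)

$sessionArgs = @{ ComputerName = $ComputerName; Credential = $Credential }
if ($UseSSL) { $sessionArgs.UseSSL = $true; $sessionArgs.Port = 5986 }
else         { $sessionArgs.Port = 5985 }
$session = New-PSSession @sessionArgs

try {
    # Read the file on the remote host. For a .zip, expand it to a temp folder
    # (assumed location) and take the first .htm/.html inside, then clean up.
    $html = Invoke-Command -Session $session -ArgumentList $FilePath -ScriptBlock {
        param($Path)
        $tmp = $null
        if ([IO.Path]::GetExtension($Path) -ieq '.zip') {
            $tmp = Join-Path $env:TEMP ("mdeca_" + [guid]::NewGuid())
            Expand-Archive -LiteralPath $Path -DestinationPath $tmp -Force
            $Path = (Get-ChildItem -Path $tmp -Recurse -Include *.htm,*.html |
                     Select-Object -First 1).FullName
        }
        try { Get-Content -LiteralPath $Path -Raw }
        finally { if ($tmp) { Remove-Item -LiteralPath $tmp -Recurse -Force -ErrorAction SilentlyContinue } }
    }
}
finally {
    Remove-PSSession $session
}

# Parse: one object per <tr>; first two cells become Check/Result, tags stripped.
# The analyzer's table layout is assumed; adjust the patterns to the real file.
$rows = [regex]::Matches($html, '<tr[^>]*>(.*?)</tr>', 'Singleline,IgnoreCase') | ForEach-Object {
    $cells = @([regex]::Matches($_.Groups[1].Value, '<t[dh][^>]*>(.*?)</t[dh]>', 'Singleline,IgnoreCase') |
        ForEach-Object { ($_.Groups[1].Value -replace '<[^>]+>', '').Trim() })
    if ($cells.Count -ge 2) { [pscustomobject]@{ Check = $cells[0]; Result = $cells[1] } }
}
$rows | Format-Table -AutoSize
```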
- Not all asset categories are supported for all Enforcement Actions.
- See Actions supported for Activity Logs, Adapters Fetch History, and Asset Investigation modules.
- See Actions supported for Vulnerabilities.
- See Actions supported for Software.
Required Fields
These fields must be configured to run the Enforcement Set.
- Action name - The name of this Enforcement Action. The system sets a default name. You can change the name.
- Configure Dynamic Values - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.
- Username - The username to authenticate with for the WinRM connection.
- Password - The password to authenticate with for the WinRM connection.
- File Path - The path to the MDE Client Analyzer results. Enter either a .HTM(L) or .ZIP file path.
- Compute Node - The Axonius node to use when connecting to the specified host. For more details, see Connecting Additional Axonius Nodes.
Additional Fields
These fields are optional.
- Gateway Name - Select the Gateway through which to connect to perform the action.
APIs
Axonius uses the Installation and configuration for Windows Remote Management guide.
Required Ports
Axonius must be able to communicate via the following ports:
- 5985 (default)
- 5986
Required Permissions
To configure permissions for the WinRM connection, refer to Installation and configuration for Windows Remote Management.
Version Matrix
This Enforcement Action was tested only with the versions marked as supported, but may work with other versions. Please contact Axonius Support if you have a version that is not listed and it is not functioning as expected.
Version | Supported | Notes |
---|---|---|
Windows Server 2016 | Yes | |
Windows Server 2019 | Yes | |
Windows Server 2022 | Yes | |
For more details about other Enforcement Actions available, see Action Library.