Microsoft Defender - Enrich Devices with MDE Client Analyzer Results
  • 04 Dec 2024
  • 1 Minute to read


Microsoft Defender - Enrich Devices with MDE Client Analyzer Results enriches devices with MDE Client Analyzer data for:

  • Assets returned by the selected query or assets selected on the relevant asset page.
    This action connects to the target device over a WinRM/WS-Man connection and downloads the HTM(L) file using PowerShell. It then parses the HTM(L) file and uses the extracted data to enrich the device.
    The PowerShell command used by this action is as follows:
    Get-Content -Path "path\to\file.zip"
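
The following is an added example of the same flow written as a stand-alone PowerShell script; it is not the Axonius action's own script. It takes the fields the action requires (username and password as a credential, the remote file path, and the WinRM port), checks that the WinRM port is reachable, copies the results file over a PowerShell remoting session, unpacks it if it is a .ZIP, and parses label/value rows out of the HTM(L) into a single object. The remote default path and the assumption that the report is an HTML table of two-cell rows are illustrative; the MDE Client Analyzer's real output layout is not described on this page.

```powershell
# Added example (not the Axonius script). Fetches an MDE Client Analyzer
# result file from a Windows host over WinRM and parses it into key/value data.
param(
    [Parameter(Mandatory)] [string]$ComputerName,
    [Parameter(Mandatory)] [pscredential]$Credential,   # WinRM username/password
    # Assumed location of the results on the target; supply the real path.
    [string]$RemotePath = 'C:\MDEClientAnalyzerResult\MDEClientAnalyzer.htm',
    [switch]$UseSSL                                      # 5986 when set, else 5985
)

# 1. Confirm the WinRM port is reachable before attempting to authenticate.
$port = if ($UseSSL) { 5986 } else { 5985 }
if (-not (Test-NetConnection -ComputerName $ComputerName -Port $port -InformationLevel Quiet)) {
    throw "WinRM port $port on $ComputerName is not reachable"
}

# 2. Open a remoting session and copy the results file to a local temp folder.
$localDir = Join-Path $env:TEMP ("mde-analyzer-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $localDir | Out-Null
$session = New-PSSession -ComputerName $ComputerName -Credential $Credential -UseSSL:$UseSSL
try {
    Copy-Item -Path $RemotePath -Destination $localDir -FromSession $session
} finally {
    Remove-PSSession -Session $session
}

# 3. If a .ZIP was supplied, unpack it and locate the first .htm/.html inside.
$localFile = Join-Path $localDir (Split-Path -Leaf $RemotePath)
if ($localFile -like '*.zip') {
    Expand-Archive -Path $localFile -DestinationPath $localDir -Force
    $localFile = Get-ChildItem -Path $localDir -Recurse -Include *.htm, *.html |
        Select-Object -First 1 -ExpandProperty FullName
    if (-not $localFile) { throw "No .htm/.html file found inside the archive" }
}

# 4. Parse the report. Assumption: findings are HTML table rows of the form
#    <tr><td>Label</td><td>Value</td></tr>. Tags inside cells are stripped.
$html = Get-Content -Path $localFile -Raw
$rowPattern = '<tr[^>]*>\s*<td[^>]*>(.*?)</td>\s*<td[^>]*>(.*?)</td>\s*</tr>'
$opts = [System.Text.RegularExpressions.RegexOptions] 'IgnoreCase, Singleline'
$results = [ordered]@{}
foreach ($m in [regex]::Matches($html, $rowPattern, $opts)) {
    $key   = ($m.Groups[1].Value -replace '<[^>]+>', '').Trim()
    $value = ($m.Groups[2].Value -replace '<[^>]+>', '').Trim()
    if ($key -and -not $results.Contains($key)) { $results[$key] = $value }
}

# 5. Emit one object per device so the fields can be attached as enrichment.
[pscustomobject]([ordered]@{ ComputerName = $ComputerName; SourceFile = $RemotePath } + $results)
```

Run it as `.\Get-MdeAnalyzerResult.ps1 -ComputerName host01 -Credential (Get-Credential) -UseSSL`. `Copy-Item -FromSession` and `Expand-Archive` both require PowerShell 5.0 or later on the machine running the script; the regex parse is deliberately tolerant so that a layout that does not match simply yields an object with no extra fields rather than an error.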

See Creating Enforcement Sets to learn more about adding Enforcement Actions to Enforcement Sets.

Note:

Required Fields

These fields must be configured to run the Enforcement Set.

  • Action name - The name of this Enforcement Action. The system sets a default name. You can change the name.
  • Configure Dynamic Values - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.

  • Username - The username to authenticate with for the WinRM connection.
  • Password - The password to authenticate with for the WinRM connection.
  • File Path - The path to the MDE Client Analyzer results. Enter either a .HTM(L) or .ZIP file path.
  • Compute Node - The Axonius node to use when connecting to the specified host. For more details, see Connecting Additional Axonius Nodes.

Additional Fields

These fields are optional.

  • Gateway Name - Select the Gateway through which to connect to perform the action.

APIs

Axonius uses the Installation and configuration for Windows Remote Management guide.

Required Ports

Axonius must be able to communicate via the following ports:

  • 5985 (default)
  • 5986

Required Permissions

The stored credentials, or those provided in Connection and Credentials, must have permission to perform this Enforcement Action.

To configure permissions for the WinRM connection, refer to Installation and configuration for Windows Remote Management.

Version Matrix

This Enforcement Action was tested only with the versions marked as supported, but may work with other versions. Please contact Axonius Support if you have a version that is not listed and it is not functioning as expected.

Version               Supported   Notes
Windows Server 2016   Yes
Windows Server 2019   Yes
Windows Server 2022   Yes

For more details about other Enforcement Actions available, see Action Library.
