1. Could have set up alerts on each box to send an email when a virus is detected.
2. PowerShell to check the event logs and do something with the results.
Had an issue with the event-log culture on a box without PowerShell 4.
#
# Virus Detections Last 1 days
#
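#
# Collects FCSAM virus-detection events (System log, event ID 1006) raised in the
# last day on every computer under $ou and emits them, newest first, as objects
# with Server / TimeCreated / Message properties.
#
$LogEntries = @()
$daysAgo = (Get-Date) - (New-TimeSpan -Days 1)

# BugFix for PS3 and anything other than en-US: Get-WinEvent -FilterHashtable with
# StartTime needs an en-US culture on older hosts. Remember the caller's culture so
# it can be restored afterwards no matter how the collection loop ends.
$orgCulture = Get-Culture
[System.Threading.Thread]::CurrentThread.CurrentCulture = New-Object "System.Globalization.CultureInfo" "en-US"

try {
    #
    # Target
    #
    $ou = 'OU=MOE Servers,DC=lc,DC=local'
    $computers = Get-ADComputer -Filter * -SearchBase $ou

    foreach ($server in $computers) {
        # SilentlyContinue keeps one bad host from stopping the sweep, but a host that
        # cannot be queried must not look identical to a host with no detections, so
        # the errors are captured and anything other than "no events" is surfaced.
        $report = Get-WinEvent -FilterHashtable @{logname='system'; id=1006; ProviderName='FCSAM'; StartTime=$daysAgo} -ComputerName $server.DNSHostName -ErrorAction SilentlyContinue -ErrorVariable queryErr
        foreach ($e in $queryErr) {
            if ($e.FullyQualifiedErrorId -notmatch 'NoMatchingEventsFound') {
                Write-Warning "$($server.DNSHostName): $e"
            }
        }
        if (-not $report) { continue }

        foreach ($panda in $report) {
            # Reset per event: the original only cleared this per server, so an event
            # whose message lacked a "Name:" line inherited the previous event's text.
            $output = ''
            foreach ($jeff in ($panda.Message).Split("`r")) {
                if ($jeff -match "Name:")     { $output = $jeff }
                if ($jeff -match "Severity:") { $output += $jeff }
            }

            $Obj = New-Object -TypeName PsObject
            $Obj | Add-Member -MemberType NoteProperty -Name Server -Value ($server.DNSHostName)
            $Obj | Add-Member -MemberType NoteProperty -Name TimeCreated -Value ($panda.TimeCreated)
            # $output starts as '' (never $null), so .Trim() cannot fail when neither line matched
            $Obj | Add-Member -MemberType NoteProperty -Name Message -Value ($output.Trim())
            $LogEntries += $Obj
        }
    }
}
finally {
    #
    # Switch back to the culture we started with (not a hard-coded en-AU), even if
    # the collection above threw.
    #
    [System.Threading.Thread]::CurrentThread.CurrentCulture = $orgCulture
}

$LogEntries | Sort-Object TimeCreated -Descending
#
# then do stuff like export to webserver or..
#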