
Monitor PSB

Piers
Piers Posts: 3 Security Scout

We have been using a monitoring system (CentraStage) for all our managed desktops and servers. One of the things it does is generate a ticket if a desktop has an AV problem, e.g. is out of date, not installed, disabled etc. This all happens via an agent which uses the Windows Security Centre. That's great for desktops, but WSC does not exist on servers.

 

Now you can write your own monitors and there are loads in the community for most AV but not F-Secure. We obviously use the PSB portal, but ideally we would also like it in our monitoring system, which is much more proactive.

 

So how can I get the status of a server's F-Secure:

  • It is installed (OK I can manage that one)
  • It is Active
  • Up to date

In a custom monitor we can use: DOS cmd, VBScript, JavaScript, PowerShell, Python and maybe a couple of others. So that means I have access to web services, registry, WMI, file system etc.

 

What can I check for / against to give me the info above, and if there are multiple, what is the most robust?

 

Regards

 

Piers

Comments

  • Piers
    Piers Posts: 3 Security Scout

    Thanks, I had seen that but I was looking for alternatives, but I think that will work. I got a bit distracted by the SNMP bit and started to try to use the RMM SNMP monitor to retrieve the value. Out of interest, is there a port and a community string for this OID?

     

    Anyway, I have written (well, started to write) a batch file which will do the job using the info from that post.

     

    Thanks again

     

    Piers

  • Ben
    Ben Posts: 664 Cybercrime Crusader

    I am not sure I understand what you mean by "is there a Port and a Community string for this OID?".

     

    Could you explain what you are referring to?

  • Piers
    Piers Posts: 3 Security Scout

     

    Hi Ben,

     

    In the post it uses "POLUTIL.EXE g 1.3.6.1.4.1.2213.12.2.140" to get the status.

     

    1.3.6.1.4.1.2213.12.2.140 is an OID, which is an SNMP Object ID that holds a value (or string etc.). It is normally retrieved with an SNMP monitor tool. To use a monitoring tool you normally give it the IP address, port (if nonstandard), and a community string (a passphrase if you like). It seems that POLUTIL is just retrieving the OID from the local machine, which potentially could be done very natively with a monitoring system, but you would need the community (and port if custom).

     

    Piers

     

     

This discussion has been closed.
