
require "rexml/document"
require "cgi"
require 'digest'
require 'json'
require 'date'
require 'time'
require 'logger'
require 'securerandom'
require_relative 'antimalwarecommon'

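class Defender
	# Absolute path of the Microsoft Defender for Endpoint CLI. It is a fixed
	# constant so the health command below never interpolates caller input.
	MDATP_BIN = '/usr/bin/mdatp'.freeze

	# Returns true when the mdatp binary exists as a regular file.
	# Any failure while probing the filesystem is reported as "not detected".
	def self.detect
		File.file?(MDATP_BIN)
	rescue StandardError
		false
	end

	# Collects the health record printed by `mdatp health --output json` and
	# maps it onto the common antimalware schema shared by the other plugins.
	#
	# @return [Hash<String, Object>] record keyed by the schema field names
	#   (ProtectionStatusRank/ProtectionStatus/ProtectionStatusDetails,
	#   ThreatStatusRank/ThreatStatus/ThreatStatusDetails, Signature,
	#   AMProductVersion, DetectionId, DateCollected, Tool, Threat, ScanDate).
	#   "Error" is present whenever the command failed, printed nothing, or
	#   its output could not be parsed; previously a failed command was
	#   noted internally but never surfaced in the record.
	#   The $ProtectionStatus*/$ThreatStatus* globals are still assigned for
	#   any caller that reads them (legacy behaviour).
	def self.getprotectionstatus
		ret = {}
		defender_name = "Defender Endpoint Protection for Linux"
		defender_version = "NA"
		signature_version = "NA"
		protection_details = ""
		error = ""

		protection_rank, protection_status = AntimalwareCommon::UnknownProtectionCode
		threat_rank, threat_status = AntimalwareCommon::UnknownThreatCode

		begin
			# stderr is merged into stdout; a warning printed by mdatp therefore
			# breaks JSON.parse and is reported through the rescue branch below.
			json_data = `#{MDATP_BIN} health --output json 2>&1`

			if $?.nil? || !$?.success? || json_data.empty?
				error += "fail to run mdatp health cmd; "
			else
				health = JSON.parse(json_data)
				# fetch rather than [] so a missing field raises a KeyError that names it
				signature_status = health.fetch("definitionsStatus").fetch("$type")
				signature_version = health["definitionsVersion"]
				defender_version = health["appVersion"]
				realtime_enabled = health.fetch("realTimeProtectionEnabled").fetch("value")

				details = []
				if signature_status != "upToDate"
					protection_rank, protection_status = AntimalwareCommon::SignaturesOutOfDateProtectionCode
					details << "Signatures out of date; "
				end
				# A missing/false value means no real-time protection; this check
				# deliberately runs last so its code takes precedence, as before.
				unless realtime_enabled
					protection_rank, protection_status = AntimalwareCommon::NoRealTimeProtectionProtectionCode
					details << "Real-time protection disabled; "
				end
				if details.empty?
					protection_rank, protection_status = AntimalwareCommon::RealTimeProtectionCode
					details << "MDATP is running healthy."
				end
				protection_details = details.join
			end
		rescue StandardError => e
			error += "Getting exception when trying to find MDATP health info: #{e.message} #{e.backtrace.inspect}"
		end

		# Surface every failure path, not only the exception path.
		ret["Error"] = error unless error.empty?

		# Legacy globals, kept for any caller that still reads them.
		$ProtectionStatusRank, $ProtectionStatus = protection_rank, protection_status
		$ThreatStatusRank, $ThreatStatus = threat_rank, threat_status

		ret["ProtectionStatusRank"] = protection_rank
		ret["ProtectionStatus"] = protection_status
		ret["ProtectionStatusDetails"] = protection_details
		ret["DetectionId"] = SecureRandom.uuid
		ret["Threat"] = ""
		ret["ThreatStatusRank"] = threat_rank
		ret["ThreatStatus"] = threat_status
		ret["ThreatStatusDetails"] = "Threat Status is currently not supported in MDATP"
		ret["Signature"] = version_or(signature_version, "Signature version not found")
		ret["ScanDate"] = ""
		# Same "%m/%d/%Y %H:%M" local-time format the DateTime-based version produced.
		ret["DateCollected"] = Time.now.strftime("%m/%d/%Y %H:%M")
		ret["Tool"] = defender_name
		ret["AMProductVersion"] = version_or(defender_version, "MDATP version not found")
		ret
	end

	# Returns +value+ unless it is nil, blank, or the "NA" placeholder, in
	# which case +fallback+ is returned. Non-string values are tolerated.
	def self.version_or(value, fallback)
		(value.nil? || value.to_s.empty? || value == "NA") ? fallback : value
	end
	private_class_method :version_or
end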