Hi all,
We're moving to CrowdStrike antivirus. There is only a cloud console, which can be monitored through a web API using OAuth2 authentication with a 30-minute token.
I'm not a "script guy"; I've only used some PRTG scripts downloaded from GitHub or other blogs. I wrote to Paessler support and they helped me with this template and this description. Can someone help me complete the script? I only need to monitor virus detections; I'm waiting for the query from CrowdStrike support. This is the API specification: https://assets.falcon.laggar.gcw.crowdstrike.com/support/api/swagger-eagle.html#/detects/QueryDetects
Many thanks
SCRIPT:
Param (
    #[Parameter(Mandatory)]
    [string]$url = "https://api.crowdstrike.com",
    [string]$client_id = "",
    [string]$client_secret = ""
)

function Get-AuthenticationToken {
    Param(
        $baseurl = $script:url,
        $client_id = $Script:client_id,
        $client_secret = $Script:client_secret,
        $method = "POST"
    )
    $headers = @{
        'accept' = 'application/json'
        'content-type' = 'application/x-www-form-urlencoded'
    }
    $payload = "client_id=$client_id&client_secret=$client_secret"
    $url = $baseurl.trim("/") + "/oauth2/token"
    # Output the access token so the caller receives it (the original assigned it to a
    # local variable and returned nothing); the headers built above are now actually sent.
    (Invoke-RestMethod $url -Method $method -Headers $headers -Body $payload).access_token
}

try {
    # Get a token (will be executed at each script execution)
    $token = Get-AuthenticationToken

    # Return data in PRTG (example placeholder: replace NAME/VALUE with real channels,
    # one object per channel; no trailing comma after the last object)
    $data = @"
{
    "prtg": {
        "result": [
            {
                "channel": "NAME",
                "value": VALUE
            },
            ...
        ]
    }
}
"@
    Write-Output $data
}
catch {
    write-host "$($_.exception.message) At line : $($_.InvocationInfo.ScriptLineNumber)"
    Exit 1
}
MAIL DESCRIPTION:
The script contains the authentication part; however, it might need to be modified to work properly. The latter will generate a new token at each execution, therefore it might also be necessary to add support for the token (save it and check if it is still valid before asking for a new one). It also includes the code which returns the data in PRTG for the EXE/Script Advanced sensor. You then need to add the query which will get the information you desire to monitor, process the data (convert them to integer or float if needed) and then add them to the JSON response. The channels should then be created automatically in PRTG.
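Below is an added example that is not part of the post, not Paessler support's template and not CrowdStrike's own code. It completes the skeleton along the lines the mail description asks for: it caches the OAuth2 token between sensor runs (PRTG starts a fresh process each interval, so the cache has to live on disk), queries the detections endpoint, and emits the PRTG EXE/Script Advanced JSON. It assumes, from the linked Swagger page rather than from the post, that the query endpoint is GET /detects/queries/detects/v1 with an FQL filter parameter, that the reply carries meta.pagination.total, that the detection fields status, first_behavior and max_severity_displayname exist, and that the token reply carries expires_in in seconds; check those against the spec before relying on them. Parameter names ClientId, ClientSecret, LookbackHours and CachePath are this example's own.

```powershell
# Added example (not from the original post or its vendors). Assumed endpoint, FQL fields
# and expires_in are noted in the lead-in; treat them as assumptions to verify.
Param(
    [string]$Url = "https://api.crowdstrike.com",
    [Parameter(Mandatory)][string]$ClientId,
    [Parameter(Mandatory)][string]$ClientSecret,
    [int]$LookbackHours = 24,
    # Token cache; Export-Clixml protects the SecureString with DPAPI on Windows,
    # so only the account the probe service runs as can read it back.
    [string]$CachePath = (Join-Path $env:TEMP "crowdstrike-prtg-token.xml")
)

function Get-CachedToken {
    # Return a still-valid token from the cache file, or $null when missing/expired/unreadable.
    if (-not (Test-Path $CachePath)) { return $null }
    try { $cache = Import-Clixml -Path $CachePath } catch { return $null }
    # Refresh two minutes early so a request in flight never uses a token about to expire.
    if ((Get-Date) -ge ([datetime]$cache.Expires).AddMinutes(-2)) { return $null }
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($cache.Token)
    try { return [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr) }
    finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }
}

function Get-AuthenticationToken {
    $cached = Get-CachedToken
    if ($cached) { return $cached }
    $tokenUrl = $Url.TrimEnd("/") + "/oauth2/token"
    $headers  = @{ accept = "application/json"; "content-type" = "application/x-www-form-urlencoded" }
    # A hashtable body is form-urlencoded by Invoke-RestMethod, so secrets with & or % are escaped.
    $body     = @{ client_id = $ClientId; client_secret = $ClientSecret }
    $resp     = Invoke-RestMethod -Uri $tokenUrl -Method Post -Headers $headers -Body $body
    [pscustomobject]@{
        Token   = ConvertTo-SecureString -String $resp.access_token -AsPlainText -Force
        Expires = (Get-Date).AddSeconds([int]$resp.expires_in).ToString("o")   # assumed field
    } | Export-Clixml -Path $CachePath
    return $resp.access_token
}

function Get-DetectionCount {
    Param([string]$Token, [string]$Filter)
    # Ask for a single ID; the count comes from meta.pagination.total (assumed), so no paging.
    $query = "/detects/queries/detects/v1?limit=1&filter=" + [uri]::EscapeDataString($Filter)
    $headers = @{ Authorization = "Bearer $Token"; accept = "application/json" }
    try {
        $resp = Invoke-RestMethod -Uri ($Url.TrimEnd("/") + $query) -Method Get -Headers $headers
    } catch {
        # A 401 means the cached token was revoked or is stale: drop the cache so the next run re-authenticates.
        if ($_.Exception.Response -and [int]$_.Exception.Response.StatusCode -eq 401) {
            Remove-Item -Path $CachePath -ErrorAction SilentlyContinue
        }
        throw
    }
    return [int]$resp.meta.pagination.total
}

function New-PrtgResult {
    Param([System.Collections.IDictionary]$Channels)
    $results = foreach ($name in $Channels.Keys) {
        @{ channel = $name; value = [int]$Channels[$name]; unit = "Count" }
    }
    return @{ prtg = @{ result = @($results) } } | ConvertTo-Json -Depth 5
}

try {
    $token = Get-AuthenticationToken
    $since = (Get-Date).ToUniversalTime().AddHours(-$LookbackHours).ToString("yyyy-MM-ddTHH:mm:ssZ")
    # FQL filters; field names are assumptions taken from the Swagger page, not from the post.
    $channels = [ordered]@{
        "New detections (open)"                = Get-DetectionCount -Token $token -Filter "status:'new'"
        "Detections last ${LookbackHours}h"    = Get-DetectionCount -Token $token -Filter "first_behavior:>'$since'"
        "High/critical last ${LookbackHours}h" = Get-DetectionCount -Token $token -Filter "first_behavior:>'$since'+max_severity_displayname:['High','Critical']"
    }
    Write-Output (New-PrtgResult -Channels $channels)
    exit 0
}
catch {
    # PRTG treats this JSON form as a sensor error and displays the text; exit 2 = system error.
    @{ prtg = @{ error = 1; text = "$($_.Exception.Message) at line $($_.InvocationInfo.ScriptLineNumber)" } } | ConvertTo-Json
    exit 2
}
```

In the sensor's Parameters field pass `-ClientId "..." -ClientSecret "..."`; PRTG will show that field to anyone who can edit the sensor, so prefer placing the secret in the device's Windows credentials and passing `%windowspassword`, which PRTG substitutes at run time, rather than typing it in plain text. The API client only needs the Detections read scope; do not reuse a broadly scoped client for monitoring.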