Hi,
I did an "integration" between Microsoft Security Baseline and Zabbix. MBSA is able to scan an Windows Server against Windows Update site/Wsus and report if the server is or isn't under "severe risk".
What I did, was to create an script, that parses the report generated by MBSA, and throws some codes, that can be tracked by zabbix.
Attached you'll find a script (vbs) to be used with zabbix, in order to achieve this.
It's necessary to do a complementary step. Create a task in the windows scheduller to invoke MBSA to generate the report.
So, the steps are:
1) Create a batch file, and, inside it, put the following command: mbsacli /n os+iis+sql+password > mbsa.txt (I save it in the MBSA folder)
obs: I'm only interested in monitor if my servers are properly patched. If you want the complete scan, just remove /n os+iis+sql+password
2) Create a task in the scheduler to run the above batch. I configured it to run once a day
3) Put the script into the zabbix folder (agent side). Modify it accordingly to your situation (just line 2, where the path to MBSA is configured)
4) In the zabbix_agentd.conf, create a UserParameter=mbsa,cscript //nologo C:\zabbix\readMbsaResult.vbs
5) Create an Item in zabbix, with key "mbsa". Adjust it to your needs.
6) Create a throw map; 0 -> Compliant, 1 -> FYI, 2 -> Severe Risk, 3 -> Script Error
7) Use it in or templates, or directly in the hosts that you need.
I hope it helps someone to keep your servers updated.
TIA,
Bob
I did an "integration" between Microsoft Security Baseline and Zabbix. MBSA is able to scan an Windows Server against Windows Update site/Wsus and report if the server is or isn't under "severe risk".
What I did, was to create an script, that parses the report generated by MBSA, and throws some codes, that can be tracked by zabbix.
Attached you'll find a script (vbs) to be used with zabbix, in order to achieve this.
It's necessary to do a complementary step. Create a task in the windows scheduller to invoke MBSA to generate the report.
So, the steps are:
1) Create a batch file, and, inside it, put the following command: mbsacli /n os+iis+sql+password > mbsa.txt (I save it in the MBSA folder)
obs: I'm only interested in monitor if my servers are properly patched. If you want the complete scan, just remove /n os+iis+sql+password
2) Create a task in the scheduler to run the above batch. I configured it to run once a day
3) Put the script into the zabbix folder (agent side). Modify it accordingly to your situation (just line 2, where the path to MBSA is configured)
4) In the zabbix_agentd.conf, create a UserParameter=mbsa,cscript //nologo C:\zabbix\readMbsaResult.vbs
5) Create an Item in zabbix, with key "mbsa". Adjust it to your needs.
6) Create a throw map; 0 -> Compliant, 1 -> FYI, 2 -> Severe Risk, 3 -> Script Error
7) Use it in or templates, or directly in the hosts that you need.
I hope it helps someone to keep your servers updated.
TIA,
Bob
Comment