I am in the process of configuring Zabbix 3.4 to monitor Windows Defender events. We have sent a test virus several times, which Windows Defender detected immediately and quarantined. Because it happened quickly, these events were not picked up by my Zabbix trigger, which does a refresh every 30 seconds. If I go to PowerShell and run "Get-WmiObject -Class msft_mpthreatdetection -Namespace ..", I see each of the events. I created an item in Zabbix using wmi.get to select InitialDetectionTime from MSFT_MpThreatDetection. When I go to Monitoring, Latest Data, it always returns the same entry from the MpThreatDetection table, not the latest one.
Is there a way I can see each threat which was quarantined by Windows Defender, or at least have a way to determine how many have been quarantined in the last 24 hours via wmi.get? I have tried using a trigger function of {Template Windows Defender WMI:wmi.get["root\microsoft\windows\defender","select RemediationTime from MSFT_MpThreatDetection"].last(86400)} to display those within the last 24 hours, but that doesn't work for me either.
Thanks
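The behaviour described in the post is what the Zabbix agent's wmi.get item does by design: it executes the WQL query and returns only the first object of the result set, so an item like wmi.get["root\microsoft\windows\defender","select RemediationTime from MSFT_MpThreatDetection"] will keep reporting the same row no matter how many detections accumulate, and the 30-second poll interval is not the cause. The MSFT_MpThreatDetection class keeps a history of detections (which is why Get-WmiObject shows all of them), so the count can be computed on the host and handed to Zabbix as a single number through a UserParameter instead of through wmi.get. The following script is an added example, not code from the original post or from Zabbix; it assumes the Defender CIM namespace root\Microsoft\Windows\Defender named in the post, that Get-CimInstance converts the CIM datetime property InitialDetectionTime to a [datetime] (it does; the older Get-WmiObject returns DMTF strings, handled in the comment), and that the script is saved under a hypothetical path C:\zabbix\scripts\Get-DefenderDetections.ps1 for the UserParameter line shown in the comments:

```powershell
# Added example (not from the original post): count or list Windows Defender
# detections recorded in the last N hours via the Defender WMI/CIM provider,
# so the result can be collected by Zabbix as one numeric item.
#
# Hypothetical zabbix_agentd.conf entry (path and key name are assumptions):
#   UserParameter=defender.detections[*],powershell.exe -NoProfile -ExecutionPolicy Bypass -File "C:\zabbix\scripts\Get-DefenderDetections.ps1" -Hours $1
# Example trigger on that item, Zabbix 3.x syntax (host name is a placeholder):
#   {Template Windows Defender WMI:defender.detections[24].last()}>0
param(
    [int]$Hours = 24,   # look-back window in hours
    [switch]$List       # print one line per detection instead of a count
)

$Namespace = 'root\Microsoft\Windows\Defender'   # namespace used in the post
$Since     = (Get-Date).AddHours(-$Hours)

try {
    # Get-CimInstance returns InitialDetectionTime/RemediationTime as [datetime].
    # With Get-WmiObject they are DMTF strings such as 20240101120000.000000+000
    # and would need [System.Management.ManagementDateTimeConverter]::ToDateTime().
    $Detections = Get-CimInstance -Namespace $Namespace -ClassName MSFT_MpThreatDetection -ErrorAction Stop
}
catch {
    # A non-numeric value makes the Zabbix item "not supported", which is
    # preferable to silently reporting 0 when the provider is unavailable.
    Write-Output "ERROR: $($_.Exception.Message)"
    exit 1
}

# Keep only detections whose first sighting falls inside the window.
# @() forces an array so .Count is 0 rather than $null when nothing matches.
$Recent = @($Detections | Where-Object { $_.InitialDetectionTime -ge $Since })

if ($List) {
    # Human-readable view for the console: newest detection first.
    $Recent |
        Sort-Object InitialDetectionTime -Descending |
        Select-Object DetectionID, ThreatID, InitialDetectionTime, RemediationTime,
                      ActionSuccess, ProcessName,
                      @{ Name = 'Resources'; Expression = { $_.Resources -join '; ' } } |
        Format-Table -AutoSize
}
else {
    # Single integer on stdout: this is what the Zabbix agent stores for the item.
    Write-Output $Recent.Count
}
```

Run it interactively as .\Get-DefenderDetections.ps1 -Hours 24 -List to see each detection with its detection and remediation timestamps, or without -List to get the bare count that the UserParameter returns. Counting on the host keeps the Zabbix side to one numeric item and one trigger; by contrast the trigger function written in the post, last(86400), asks for the most recent value shifted by 86400 seconds, not for the number of values in that period, which is why it does not give a 24-hour count.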