Guys, I have another question about fixlets/relevance.
Sorry for the long explanation.
We have Malwarebytes Anti-Ransomware which scans our servers, but Malwarebytes does not have a console yet for this product, so there is no alerting if we get infected. However, the anti-ransomware produces a local log file that we can read through to check if we got infected.
We are trying to leverage BigFix to perform this action by:
1. Creating a fixlet to copy the log file to a temp location every 10 minutes (I created a bat file and imported it into the fixlet).
2. Creating a relevance that checks the log file: (exists line whose (it contains "ActionTaken=ARW_ACTION_KILL_THREAD") of file "C:\Windows\Temp\MBAMSERVICE\MBAMSERVICE.LOG")
Both work, but my manager is asking me to create one fixlet that would copy the file and search for the specific line, and I am not sure how to do this.
continue if {file "/path/to/foo.bar" contains "ARW_ACTION_KILL_THREAD"}
I would imagine this would stop the action if the file did not contain your string. You of course need more code around this to delete the files before you start, and what to do with the file if you do find a match, etc.
Keep in mind that the Fixlets/Tasks are intended to DO things to the Endpoints, not report on things. That’s what we use Analyses for.
You might want to create a Task to copy the Log file every 10 minutes, then an Analysis with a Property to look for the presence of the string you are looking for.
Then you can use Web Reports to trigger a report to be emailed when the list of machines with the Property changes.
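To make the two replies concrete, here is an added example (not from anyone in this thread, and not Malwarebytes' or BigFix's own code) of a single Task whose action script copies the log and then uses `continue if` to proceed only when the kill-thread line is present, followed by the Analysis property relevance the second reply recommends. The source path of the Malwarebytes log is an assumed placeholder; the staging path and the marker string are the ones from the original question.

```bigfix
// ADDED EXAMPLE - single Task action script, not code from the thread.
// ASSUMPTION: the Malwarebytes source log path below is a placeholder; replace it with the real one.

// 1. Make sure the staging folder exists, then copy the current log into it.
if {not exists folder "C:\Windows\Temp\MBAMSERVICE"}
    waithidden cmd.exe /c mkdir "C:\Windows\Temp\MBAMSERVICE"
endif
waithidden cmd.exe /c copy /Y "C:\PATH\TO\MALWAREBYTES\MBAMSERVICE.LOG" "C:\Windows\Temp\MBAMSERVICE\MBAMSERVICE.LOG"

// 2. Stop unless the staged copy contains a kill event.
//    Wrapping the check in "exists file ... whose (...)" keeps the relevance from erroring
//    on an endpoint where the copy failed and the file does not exist.
//    If the condition is false the action ends and reports as Failed; endpoints that
//    report Completed are the ones where the string was found.
continue if {exists file "C:\Windows\Temp\MBAMSERVICE\MBAMSERVICE.LOG" whose (exists line whose (it contains "ActionTaken=ARW_ACTION_KILL_THREAD") of it)}

// 3. Leave a timestamped marker file so an Analysis (or a person) can see the hit later.
delete __appendfile
appendfile {now as string}: ARW_ACTION_KILL_THREAD found in MBAMSERVICE.LOG
delete "C:\Windows\Temp\MBAMSERVICE\ARW_DETECTED.txt"
copy __appendfile "C:\Windows\Temp\MBAMSERVICE\ARW_DETECTED.txt"

// --- Analysis property (paste into a Property in an Analysis, not into the action) ---
// exists file "C:\Windows\Temp\MBAMSERVICE\MBAMSERVICE.LOG" whose (exists line whose (it contains "ActionTaken=ARW_ACTION_KILL_THREAD") of it)
```

Deploy the Task as a policy action with "Reapply while relevant, waiting 10 minutes between reapplications" so the copy keeps refreshing, and point the Analysis property at the same staged path; the Web Reports scheduled report then keys off the property rather than off action status.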