Worklet: Datadog Configuration Set in Windows

  • 28 October 2020

This worklet takes two configuration files that you upload with the worklet, eventlogs.yaml and default_agent_config.yaml, and copies them into the Datadog folders they belong to as conf.yaml and datadog.yaml respectively. It also takes the existing conf.yaml.default for the disk check and copies it to conf.yaml in the same directory.

Output is recorded in the Automox activity log, and a transcript is also written locally on the machine in C:\vSOC_Tools.


Evaluation:


Exit 0

Remediation:


[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

$datadogConfDir = 'C:\ProgramData\Datadog'
$win32ConfDir   = 'C:\ProgramData\Datadog\conf.d\win32_event_log.d'
$diskConfDir    = 'C:\ProgramData\Datadog\conf.d\disk.d'
$eventLogs      = 'eventlogs.yaml'              # Uploaded file
$defaultAgent   = 'default_agent_config.yaml'   # Uploaded file
$serviceName    = 'Datadog Agent'
$logDir         = 'C:\vSOC_Tools'
$service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue

# Make sure the local log directory exists before the transcript is started
If (-not (Test-Path $logDir)) {
    New-Item -Path $logDir -ItemType Directory | Out-Null
}
Start-Transcript -Path (Join-Path $logDir 'test.log')

# Create directories if they don't exist
If (-not (Test-Path $datadogConfDir)) {
    Write-Output "Creating Datadog Conf Directory"
    New-Item -Path $datadogConfDir -ItemType Directory | Out-Null
}

If (-not (Test-Path $win32ConfDir)) {
    Write-Output "Creating Win32 Conf Directory"
    New-Item -Path $win32ConfDir -ItemType Directory | Out-Null
}

If (-not (Test-Path $diskConfDir)) {
    Write-Output "Creating Disk Conf Directory"
    New-Item -Path $diskConfDir -ItemType Directory | Out-Null
}

# Fix configs and restart agent
Write-Output "Copying Win32 Conf"
Copy-Item $eventLogs -Destination (Join-Path $win32ConfDir 'conf.yaml') -Force

Write-Output "Copying Datadog Conf"
Copy-Item $defaultAgent -Destination (Join-Path $datadogConfDir 'datadog.yaml') -Force

$diskDefault = Join-Path $diskConfDir 'conf.yaml.default'
If (Test-Path $diskDefault) {
    Write-Output "Copying Disk Conf"
    Copy-Item $diskDefault -Destination (Join-Path $diskConfDir 'conf.yaml') -Force
}
else {
    Write-Output "$diskDefault does not exist"
}

# Get-Service returns $null when the agent is not installed, so test the object itself
If ($service) {
    Write-Output "Restarting Agent"
    Restart-Service -InputObject $service -Force
}
else {
    Write-Output "Service '$serviceName' does not exist"
}

Stop-Transcript
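The evaluation above always exits 0, so the remediation runs on every policy pass whether or not anything has changed. The following evaluation script is an added example and not part of the original worklet: it exits 1 only when a deployed config no longer matches the uploaded file (compared by SHA-256 digest), when the disk check's conf.yaml is missing while its packaged default exists, or when the agent service is not running. It assumes the same directory layout and uploaded file names as the remediation script, that the uploaded files are available in the working directory during evaluation, and that Automox treats a non-zero exit as non-compliant.

```powershell
# Evaluation script (added example): exit 0 when the Datadog configs on disk match the
# uploaded files and the agent is running; exit 1 to trigger the remediation script.
# Assumption: uploaded files sit in the working directory during evaluation as well.
$expected = @{
    'eventlogs.yaml'            = 'C:\ProgramData\Datadog\conf.d\win32_event_log.d\conf.yaml'
    'default_agent_config.yaml' = 'C:\ProgramData\Datadog\datadog.yaml'
}
$diskConfDir = 'C:\ProgramData\Datadog\conf.d\disk.d'
$serviceName = 'Datadog Agent'
$drift = @()

foreach ($uploaded in $expected.Keys) {
    $deployed = $expected[$uploaded]
    if (-not (Test-Path $uploaded)) {
        # Nothing to compare against; report it rather than silently passing
        $drift += "uploaded file $uploaded not found in working directory"
        continue
    }
    if (-not (Test-Path $deployed)) {
        $drift += "$deployed missing"
        continue
    }
    # Compare content digests, not timestamps, so a rewrite with identical content is not flagged
    $want = (Get-FileHash -Path $uploaded -Algorithm SHA256).Hash
    $have = (Get-FileHash -Path $deployed -Algorithm SHA256).Hash
    if ($want -ne $have) {
        $drift += "$deployed differs from $uploaded (expected $want, found $have)"
    }
}

# The disk check only needs a conf.yaml when the packaged default is present
$diskDefault = Join-Path $diskConfDir 'conf.yaml.default'
$diskConf    = Join-Path $diskConfDir 'conf.yaml'
if ((Test-Path $diskDefault) -and -not (Test-Path $diskConf)) {
    $drift += "$diskConf missing while $diskDefault exists"
}

$service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue
if (-not $service) {
    $drift += "service '$serviceName' not installed"
}
elseif ($service.Status -ne 'Running') {
    $drift += "service '$serviceName' is $($service.Status)"
}

if ($drift.Count -gt 0) {
    $drift | ForEach-Object { Write-Output "DRIFT: $_" }
    Exit 1
}
Write-Output "Datadog configuration matches uploaded files and agent is running"
Exit 0
```

The script deliberately checks only that the disk check's conf.yaml exists, not that it still equals conf.yaml.default, since an operator may have customised it after the first run; if you want the remediation to enforce the default on every drift, hash-compare that pair the same way. Only digests are printed, never file contents, which matters because datadog.yaml carries the agent's API key and evaluation output lands in the Automox activity log.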
