This worklet takes two configuration files that you upload to the worklet - eventlogs.yaml & default_agent_config.yaml - and copies them to the Datadog folders they belong in, as conf.yaml and datadog.yaml respectively. It also takes an existing conf.yaml.default configuration and copies it to conf.yaml in the same directory.
A log is created in the Automox activity log, but it also creates a log locally on the machine in C:\vSOC_Tools.
Evaluation:
# Evaluation step: unconditionally reports exit code 0; no device state is inspected.
# NOTE(review): Automox normally treats a zero exit from evaluation as "compliant" and
# skips scheduled remediation - confirm that running the remediation only on manual
# trigger is intended.
Exit 0
Remediation:
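# Remediation: installs the uploaded Datadog Agent configuration files, enables the
# disk check from its shipped default, and restarts the agent so the new settings load.
# Everything written to the console is also captured in a local transcript.

# Use TLS 1.2 for any .NET web request made in this session.
# NOTE(review): nothing below makes a network call; keep only if the worklet runner needs it.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

$datadogConfDir = 'C:\ProgramData\Datadog\'
$win32ConfDir = 'C:\ProgramData\Datadog\conf.d\win32_event_log.d\'
$diskConfDir = 'C:\ProgramData\Datadog\conf.d\disk.d'
# Relative paths: both uploaded files are resolved against the current working
# directory (presumably where the worklet runner places uploads - verify).
$eventLogs = 'eventlogs.yaml' #Uploaded File
# datadog.yaml normally carries the Datadog API key, so treat this upload as a secret.
$defaultAgent = 'default_agent_config.yaml' #Uploaded File
$serviceName = 'Datadog Agent'
$service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue

# NOTE(review): folders created directly under C:\ commonly inherit write access for
# non-administrators. This script presumably runs elevated, so confirm C:\vSOC_Tools
# is writable only by administrators/SYSTEM before logging there.
$transcriptPath = 'C:\vSOC_Tools\test.log'
Start-Transcript -Path $transcriptPath

try {
    # Create directories if they don't exist.
    # NOTE(review): if $datadogConfDir is missing, the agent is probably not installed.
    # A folder created here inherits the ProgramData defaults rather than any ACL the
    # Datadog installer would apply - confirm who can read datadog.yaml on such hosts.
    foreach ($dir in @($datadogConfDir, $win32ConfDir, $diskConfDir)) {
        if (-not (Test-Path -Path $dir)) {
            # Name the actual path; every branch used to print the Win32 message.
            Write-Output "Creating directory $dir"
            New-Item -Path $dir -ItemType "directory"
        }
    }

    # Fix configs and restart agent.
    # Join-Path avoids the doubled backslash produced by the trailing '\' on two of the paths.
    # -Force overwrites the existing files without keeping a backup.
    Write-Output "Copying Win32 Conf"
    Copy-Item -Path $eventLogs -Destination (Join-Path $win32ConfDir 'conf.yaml') -Force

    Write-Output "Copying Datadog Conf"
    Copy-Item -Path $defaultAgent -Destination (Join-Path $datadogConfDir 'datadog.yaml') -Force

    $diskDefault = Join-Path $diskConfDir 'conf.yaml.default'
    if (Test-Path -Path $diskDefault) {
        Write-Output "Copying Disk Conf"
        Copy-Item -Path $diskDefault -Destination (Join-Path $diskConfDir 'conf.yaml') -Force
    }
    else {
        Write-Output "$diskDefault does not exist"
    }

    # NOTE(review): Copy-Item failures are non-terminating unless the caller changes
    # $ErrorActionPreference, so the restart below still runs after a failed copy.
    if ($null -ne $service) {
        Write-Output "Restarting Agent"
        Restart-Service -InputObject $service -Force
    }
    else {
        # $service is $null on this branch, so report the name that was looked up.
        Write-Output "$serviceName service does not exist"
    }
}
finally {
    # Close the transcript even if a step above throws.
    Stop-Transcript
}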