community script consolidating Defender status reports script

api/tacticalrmm/scripts/community_scripts.json

@@ -262,23 +262,13 @@
   },
   {
     "guid": "d980fda3-a068-47eb-8495-1aab07a24e64",
-    "filename": "Win_Defender_Status_Report_Last24hrs.ps1",
+    "filename": "Win_Defender_Status_Report.ps1",
     "submittedBy": "https://github.com/dinger1986",
-    "name": "Defender - Status Report Last 24hr",
-    "description": "Using Event Viewer, this will check for Malware and Antispyware within the last 24 hours and display, otherwise will report as Healthy",
+    "name": "Defender - Status Report",
+    "description": "This will check for Malware and Antispyware within the last 24 hours and display, otherwise will report as Healthy. Command Parameter: (number) if provided will check that number of days back in the log.",
     "shell": "powershell",
     "category": "TRMM (Win):Security>Antivirus"
   },
-  {
-    "guid": "6a0202fc-1b27-4905-95c0-0a03bb881893",
-    "filename": "Win_Defender_Status_Report_LastYear.ps1",
-    "submittedBy": "https://github.com/silversword411",
-    "name": "Defender - Status Report Last Year",
-    "description": "Using Event Viewer, this will check for Malware and Antispyware and display, otherwise will report as Healthy",
-    "shell": "powershell",
-    "category": "TRMM (Win):Security>Antivirus",
-    "default_timeout": "300"
-  },
   {
     "guid": "9956e936-6fdb-4488-a9d8-8b274658037f",
     "filename": "Win_Disable_Fast_Startup.bat",

scripts/Win_Defender_Status_Report.ps1

@@ -1,18 +1,24 @@
 # This will check for Malware, Antispyware, that Windows Defender is Healthy, last scan etc within the last 24 hours
+# If parameter is supplied, it will search the log for that many days
+
+$param1 = $args[0]
 
 $ErrorActionPreference = 'silentlycontinue'
-$TimeSpan = (Get-Date) - (New-TimeSpan -Day 365)
+if ($Args.Count -eq 0) {
+    $TimeSpan = (Get-Date) - (New-TimeSpan -Day 1)
+}
+else {
+    $TimeSpan = (Get-Date) - (New-TimeSpan -Day $param1)
+}
 
-if (Get-WinEvent -FilterHashtable @{LogName = 'Microsoft-Windows-Windows Defender/Operational'; ID = '1116', '1118', '1015', '1006', '5010', '5012', '5001', '1123'; StartTime = $TimeSpan }) 
-{
+if (Get-WinEvent -FilterHashtable @{LogName = 'Microsoft-Windows-Windows Defender/Operational'; ID = '1116', '1118', '1015', '1006', '5010', '5012', '5001', '1123'; StartTime = $TimeSpan }) {
     Write-Output "Virus Found or Issue with Defender"
     Get-WinEvent -FilterHashtable @{LogName = 'Microsoft-Windows-Windows Defender/Operational'; ID = '1116', '1118', '1015', '1006', '5010', '5012', '5001', '1123'; StartTime = $TimeSpan }
     exit 1
 }
 
 
-else 
-{
+else {
     Write-Output "No Virus Found, Defender is Healthy"
     Get-WinEvent -FilterHashtable @{LogName = 'Microsoft-Windows-Windows Defender/Operational'; ID = '1150', '1001'; StartTime = $TimeSpan }
     exit 0

scripts/Win_Defender_Status_Report_Last24hrs.ps1

@@ -1,24 +0,0 @@
-# This will check for Malware, Antispyware, that Windows Defender is Healthy, last scan etc within the last 24 hours
-
-$ErrorActionPreference= 'silentlycontinue'
-$TimeSpan = (Get-Date) - (New-TimeSpan -Day 1)
-
-if (Get-WinEvent -FilterHashtable @{LogName='Microsoft-Windows-Windows Defender/Operational';ID='1116','1118','1015','1006','5010','5012','5001','1123';StartTime=$TimeSpan}) 
-
-{
-Write-Output "Virus Found or Issue with Defender"
-Get-WinEvent -FilterHashtable @{LogName='Microsoft-Windows-Windows Defender/Operational';ID='1116','1118','1015','1006','5010','5012','5001','1123';StartTime=$TimeSpan}
-exit 1
-}
-
-
-else 
-
-{
-Write-Output "No Virus Found, Defender is Healthy"
-Get-WinEvent -FilterHashtable @{LogName='Microsoft-Windows-Windows Defender/Operational';ID='1150','1001';StartTime=$TimeSpan}
-exit 0
-}
-
-
-Exit $LASTEXITCODE