Mutiny Community ShellStore - Powershell & Remote agents

This collection of Powershell agents can be scheduled by the Mutiny Powershell Scheduler (MPS) and used to enhance application and system monitoring within mutiny.

Users can either copy and paste the code and modify as appropriate and then add them to the MPS or they can download the Mutiny Powershell bundle (.mpk files)and drop it straight on the MPS and run.

If you have coded your own powershell agent why not to share it with us and we will check it over and make it available here.

If you are writing your own agents these reference papers will help with the output that mutiny works with.

General_RA_Spec-V8.pdf

Data_Extensions_to_Remote_Agents.pdf

Agents

Mutiny PowerShell Agent for Windows Firewall Status Monitoring

This PowerShell script is designed to monitor the status of Windows Firewall profiles on a system. It checks whether the profiles are enabled and creates an event if any profiles are found to be disabled. The script triggers a critical event if one or more firewall profiles are disabled, ensuring that any potential vulnerabilities due to an improperly configured firewall are promptly flagged.

Key Features:

Monitors all Windows Firewall profiles and their status.
Generates detailed status reports, indicating whether any profiles are disabled.
Triggers a critical event if one or more profiles are disabled, with customizable thresholds.
Provides detailed output for easy integration into Mutiny's monitoring framework.

This agent can be easily customised to match specific requirements, and is a valuable tool for maintaining the security posture of your Windows systems.

Status: Released
Author: Lawrence Freeman & ChatGPT
Version: 1
PScript: MutPSA_FirewallStatus.ps1

Notes:
Add custom agent named "MutPSA_FirewallStatus" to the node in mutiny

Mutiny PowerShell Agent for Certificate Expiry Monitoring

This PowerShell script is designed to monitor the status of SSL/TLS certificates on a system, counting how many certificates are expiring within the next 60 days. It filters out certificates issued by Microsoft and provides detailed information on expiring certificates, including their subject, friendly name, issuer, and expiry date.

Key Features:

Monitors SSL/TLS certificates across the system for expiration within a specified time frame.
Ignores certificates issued by Microsoft to focus on relevant certificates.
Customizable thresholds for triggering warning and critical alarms based on the number of expiring certificates.
Provides detailed output, including certificate details like subject, issuer, and expiry date.
Supports recursive folder scanning to include certificates located in subfolders.

This agent helps ensure timely identification of expiring certificates, reducing the risk of unrenewed certificates affecting system security. It is a valuable tool for managing certificate lifecycles in your network.

Status: Released
Author: Lawrence Freeman & ChatGPT
Version: 1.7
PScript: MutPsA_CertificateCounter.ps1

Notes:
Add custom agent named "MutPsA_CertificateCounter" to the node in mutiny

Mutiny PowerShell Agent for VM Replication Health Monitoring

This PowerShell script monitors the replication health of virtual machines (VMs) in a Hyper-V or VMware environment. It checks for VMs with replication enabled and evaluates their replication health status. If replication health issues are detected, the script triggers a warning or critical status.

Key Features:

Monitors virtual machine replication health and identifies any issues (Warning or Critical status).
Provides detailed output listing the health of each VM with replication enabled.
Customizable exit codes to integrate with MAX RemoteManagement for automated monitoring.
Provides a clear status message if no replication issues are found or if no VMs have replication enabled.

This agent helps ensure the health of your virtual machine replication processes, flagging any potential problems early to prevent data loss or downtime.

Status: Released
Author: mythofechelon.co.uk and modified for Mutiny
Version: 1.0 updated by Shieraz Bashir
PScript: HyperVReplicationHealthCheck.ps1

Notes:
Add custom agent named "ReplicationHealth" to the node in mutiny

Mutiny PowerShell Agent for WSUS Update Monitoring

This PowerShell script checks for available updates on a system via WSUS (Windows Server Update Services). It counts the number of updates pending installation and reports their status, categorizing it as "OK", "Warning", or "Critical" based on the number of pending updates. The script integrates seamlessly into Mutiny's monitoring framework.

Key Features:

Checks for pending software updates through WSUS, excluding hidden updates and pattern files from Windows Defender.
Categorizes the system’s update status as:
- OK for no pending updates.
- Warning for fewer than 10 updates.
- Critical for more than 10 updates pending installation.
Generates a detailed status report with the number of pending updates and their severity.
Customizable output, providing a rich description of the system's update health.

This agent ensures your systems stay up to date with critical patches and updates, providing early warnings or alerts when updates are pending. It’s an essential tool for maintaining system security and compliance.

Status: Released
Author: Aaron Street and Brandon Pearson
Version: 1.12 updated by Lawrence Freeman
PScript: MutinyWSUSreport.ps1

Notes:
If you run defender on the server, uncomment the the line #Update-MpSignature then schedule the agent to run hourly.
It will then update the defender signature rile before checking for windows updates.

Mutiny PowerShell Agent for Storage Monitoring

This PowerShell script is designed to monitor the storage status of all attached and network drives on a Windows server. It checks for available space on mounted drives, remounts any disconnected network drives, and generates a report detailing the total and free space on each drive. The agent integrates seamlessly into the Mutiny monitoring framework.

Key Features:

Monitors both local and network storage drives, including attached drives (DriveType=3) and network drives (DriveType=4).
Remounts any disconnected network drives to ensure accurate monitoring.
Provides detailed storage information, including total size and free space for each drive.
Generates an HTML-style table report with the storage status for easy viewing.
Supports both 64-bit and 32-bit systems for compatibility with all Windows server environments.

This agent helps ensure that storage resources are being efficiently utilized and allows for early identification of potential issues related to disk space shortages. It’s an essential tool for maintaining optimal server performance and preventing system disruptions due to insufficient storage.

Status: Released
Author: AD Murray
Version: 2.2
PScript: WindowsStorageMonitor.ps1 (use <right-click> "save as" to download)

Mutiny PowerShell Agent for Microsoft Exchange Monitoring

This PowerShell script is designed to monitor the health of Microsoft Exchange 2010 and 2013 servers by checking critical metrics such as message queue length and server latency. It evaluates the current queue length and latency against customizable thresholds to trigger warnings or critical alerts, ensuring the smooth operation of Exchange services.

Key Features:

Monitors Exchange message queue length and latency for Exchange 2010 and 2013.
Customizable thresholds for warning and critical alerts based on queue length and latency values.
Provides real-time status updates on the health of the Exchange server, including detailed information about the queue length and latency.
Supports Exchange 2010 and 2013 by dynamically selecting the appropriate counters for latency.
Logs the results and appends detailed performance data to the output file, including queue length and latency metrics.

This agent helps ensure optimal performance for Exchange servers, preventing disruptions caused by growing message queues or increased latency, and allowing administrators to take proactive measures before issues escalate.

Status: Released
Author: AD Murray
Version: 2.1
PScript: ExchangeHealthMonitor Exchange 2013/16 (use <right-click> "save as" to download)
PScript: Exchange2010HealthMonitor Exchange 2010 (use <right-click> "save as" to download)
Solution Page: https://mutiny.freshdesk.com/support/solutions/articles/5000524545-installing-the-powershell-scheduler

Mutiny PowerShell Agent for Microsoft SQL Server Monitoring

This PowerShell script is designed to monitor key performance indicators (KPIs) for Microsoft SQL Server, including user connections, memory grants pending, batch requests per second, and SQL compilations/recompilations. The script evaluates the performance metrics against customizable warning and critical thresholds, helping to identify potential performance bottlenecks or issues within SQL Server instances.

Key Features:

Monitors critical SQL Server performance counters such as:
- User Connections
- Memory Grants Pending
- Batch Requests per Second
- SQL Compilations per Second
- SQL Re-compilations per Second
Customizable thresholds for warning and critical alerts to suit your environment's needs.
Provides real-time data on the health of the SQL Server instance with detailed performance metrics.
Automatically adjusts to both local and remote SQL Server instances, ensuring flexibility for distributed environments.
Generates a detailed report with the status of each performance counter, including the actual value, warning/critical thresholds, and overall server health.

This agent allows administrators to stay proactive by ensuring SQL Server performance remains optimal, providing early warnings or critical alerts when performance thresholds are exceeded. It's an essential tool for maintaining the health and stability of your SQL Server infrastructure.

Status: Released
Author: AD Murray
Version: 2.1
PScript: MSSQLMonitor (use <right-click> "save as" to download)

Mutiny PowerShell Agent for Disk I/O Monitoring

This PowerShell script is designed to monitor the physical disk input/output (I/O) performance on a system by tracking the disk bytes per second. It measures and reports disk activity in real-time, helping administrators identify high disk usage or potential performance issues related to I/O.

Key Features:

Monitors the disk I/O performance by measuring the number of bytes read and written per second on each physical disk.
Filters out non-relevant data, reporting only meaningful disk I/O values for graphing and further analysis.
Provides detailed output for each disk instance with the disk's I/O performance in bytes per second.
Supports both 32-bit and 64-bit systems for compatibility with a wide range of environments.

This agent is essential for maintaining the performance and efficiency of your system’s storage resources, enabling administrators to quickly detect and address any I/O bottlenecks that could impact overall system performance.

Status: Released
Author: AD Murray
Version: 1.0PScript: DiskIOmonitor (use <right-click> "save as" to download)

Mutiny PowerShell Agent for Disk I/O Monitoring

Key Features:

Monitors the disk I/O performance by measuring the number of bytes read and written per second on each physical disk.
Filters out non-relevant data, reporting only meaningful disk I/O values for graphing and further analysis.
Provides detailed output for each disk instance with the disk's I/O performance in bytes per second.
Supports both 32-bit and 64-bit systems for compatibility with a wide range of environments.

Status: Released
Author: G Miller
Version: 1.1
PScript: MutPsA_IISAppPools (use <right-click> "save as" to download)
Additional files: MutPsA_IISAppPools.json (lives in the agents results folder) (use <right-click> "save as" to download)

Notes;
Edit the .json file to list the App Pools to be monitored and place it in your agents results folder

Mutiny PowerShell Agent for Custom Service Monitoring

This PowerShell script is designed to monitor the status of custom Windows services. It checks whether specified services are running and attempts to restart any services that have stopped. If any services are missing or failed, it provides a detailed report, including any actions taken, such as restarting the services.

Key Features:

Monitors custom Windows services, such as MSExchangeSA (or any other service specified).
Attempts to restart any services that are not running, helping to ensure service availability.
Provides detailed output, including the current status of each monitored service.
Supports dynamic service monitoring by allowing users to specify multiple services via script arguments.
Generates a status report, categorizing the health of the services as:
- OK for all services running as expected.
- Warning for one or more services that have failed.
- Critical for three or more failed services.
- Error if a specified service cannot be found.

This agent ensures that critical services remain operational, reducing downtime and ensuring system stability. It is a vital tool for monitoring and maintaining essential services in your environment.

Status: Released
Author: G Miller
Version: 1.0
PScript: MutPsA_ServiceMonitor.ps1

Notes;
Edit line 11 $servicesMonitored = @('MSExchangeSA') change the highlighted text for the service you wish to monitor.

Mutiny PowerShell Agent for Event Log Monitoring

This PowerShell script is designed to monitor specific event logs on a Windows server. It checks various log sources (such as Application, Security, System, and custom logs like "OAlerts" or "Key Management Service") for events matching specified Event IDs. The script tracks how many matching events are found and reports their severity based on configurable thresholds.

Key Features:

Monitors multiple Windows event logs, including predefined logs like Application, Security, System, and others.
Filters event logs based on configurable Event IDs specified in a JSON configuration file.
Tracks the number of matching logs and categorizes the status as:
- OK for logs within the normal threshold.
- Warning when logs exceed a warning threshold.
- Critical if logs surpass the danger threshold.
Provides detailed output for each log checked, including the number of matching logs and a snippet of the message text.
Generates a comprehensive status report for easy review.

This agent is ideal for proactively monitoring your event logs for any critical or warning-level events, ensuring that system issues are detected and addressed quickly. It's an essential tool for maintaining a healthy system environment and ensuring logs are properly reviewed.

Status: Released
Author: George Miller
Version: 2.0
PScript: MutPsA_EventLog.ps1
PScript: MutPsA_EventLog2.ps1 (this version also returns some details)
Additional files: MutPsA_EventLog.json (lives in the agents results folder)
Help page: installing-the-event-log-powershell-agent

Mutiny PowerShell Agent for Citrix Registry Key Monitoring

This PowerShell script is designed to monitor specific registry keys related to Citrix server settings. It checks two critical registry keys that can affect Citrix logins and server behavior: TSServerDrainMode and WinStationsDisabled. Based on the values of these keys, the script reports the server status and flags any configuration issues that could impact Citrix logins.

Key Features:

Monitors the TSServerDrainMode registry key, which controls whether the server is in drain mode (used for maintenance or shutdown).
Monitors the WinStationsDisabled registry key, which determines whether logins to the server are disabled.
Flags the status as:
- OK if both registry keys have values of 0, indicating normal operation.
- Critical if either registry key has a value other than 0, suggesting a potential issue with Citrix logins or server availability.
Provides detailed output, specifying which registry key had an issue and what its value was.

This agent is crucial for ensuring that Citrix servers are configured correctly for user logins and are not inadvertently placed in maintenance or disabled states. It helps prevent login issues and ensures smooth operation of Citrix environments.

Status: Released
Author: George Miller
Version: 1.0
PScript: MutPsA_CitrixLogins.ps1

Mutiny PowerShell Agent for File Count Monitoring

This PowerShell script is designed to count the number of files in a specified folder on a Windows system. It allows for customized configurations such as whether to count hidden files, include folders, and whether to count files recursively within subfolders. Based on the total file count, it provides status updates indicating whether the file count is within normal parameters or requires attention.

Key Features:

Counts the number of files in a specified folder, with options to include or exclude hidden files and folders.
Supports recursive counting for subfolders if configured.
Customizable thresholds for triggering:
- OK when the file count is below a defined warning threshold.
- Warning when the file count exceeds the warning threshold but is below the critical threshold.
- Critical when the file count exceeds the critical threshold.
Provides a detailed report with the total file count in the specified folder.

This agent is helpful for monitoring folders that should not accumulate an excessive number of files, providing early warnings before performance or storage issues arise due to high file counts. It’s useful for maintaining a tidy and efficient file system.

Status: Released
Author: George Miller
Version: 1.0
PScript: MutPsA_FileCounter.ps1

Mutiny PowerShell Agent for Text Search in Files

This PowerShell script is designed to search for a specific text string within a file. It counts the number of occurrences of the text string and triggers a critical event if the count exceeds a defined threshold. This agent is useful for monitoring log files or configuration files for specific keywords or patterns that require attention.

Key Features:

Searches a specified file for a given text string.
Counts the occurrences of the text string and compares it to a user-defined trigger value.
Triggers a Critical event if the number of occurrences exceeds the specified trigger count.
Provides a detailed report with the number of occurrences found in the file.
Customizable to search for any text string, with the ability to set the critical event threshold and include specific event details.

This agent is ideal for monitoring files for specific keywords or patterns (such as error messages, warnings, or system events), allowing administrators to take prompt action when critical matches are found.

Status: Released
Author: Mark Smith
Version: 1.0
PScript: MutinyPSA_StrFileSearch.ps1

Mutiny PowerShell Agent for Ransomware Detection via File Readability

This PowerShell script is designed to monitor the readability of a specific file, which serves as an early warning for ransomware infection. Ransomware can encrypt files, making them unreadable or altering their content. The script checks if the file is still readable by searching for a specific string, and it triggers a critical event if the file is no longer readable or if the expected string is missing.

Key Features:

Checks whether a specified text file is readable and contains an expected string.
Triggers a Critical event if the file is unreadable (such as during ransomware encryption) or if the string is missing.
Provides an early warning for ransomware infections by detecting when files become inaccessible or altered.
Customizable file path and text string to search for, making it adaptable to different use cases.
Generates a detailed report on the file's readability, providing context for the detected issue.

This agent is essential for detecting early signs of ransomware activity by monitoring key files for changes in readability. It helps to take prompt action to mitigate potential damage from ransomware attacks.

Status: Released
Author: Lawrence
Version: 1.0
PScript: MutPSA_Ransomcheck.zip

Customer Area