#Capture the executing account and the start time; both are used by the log events below.
$whoami = whoami
$StartTime = Get-Date
#Write the "starting" event (ID 3280), including the account the discovery runs as.
$StartMessage = "v1.7-ATA Center Discovery Script is starting. Running as $whoami."
$api.LogScriptEvent("ATACenterDiscovery.ps1",3280,0,$StartMessage)
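#Query the Database
#The query text is a fixed literal (nothing from script input is placed into --eval). It selects
#UniqueEntity documents whose _t is "Site" and projects the DistinguishedName field.
$QueryDistinguishedName = 'db.UniqueEntity.find({_t:`"Site`"},{''DistinguishedName'':1})'
#NOTE(review): .\Mongo is resolved against the current directory, which is set outside this part
#of the script - confirm that directory is writable by administrators only, because the binary
#runs under the account reported in the start event.
#@() keeps the output an array even when the shell prints a single line.
$DBdata = @(.\Mongo ATA --eval $QueryDistinguishedName)
#Process the data
#The first two output lines are dropped before JSON parsing (presumably the shell banner - confirm).
#Guard: with two or fewer lines the range 2..(Length-1) counts downwards and would hand the
#skipped lines to ConvertFrom-Json instead of an empty result.
if ($DBdata.Length -gt 2) {
    $DBdata = $DBdata[2..($DBdata.Length-1)]
    $JsonData = $DBdata | ConvertFrom-Json
    #Each iteration overwrites $ADForest, so the last Site entry decides the published value.
    foreach($DN in $JsonData){
        $string = $DN.DistinguishedName
        $ForestParts = $string -split "Configuration,"
        #Without this check a DistinguishedName lacking "Configuration," gives a null second part
        #and the .replace() call fails on it.
        if ($ForestParts.Length -gt 1) {
            #Turn "DC=a,DC=b" into "a.b".
            $ADForest = $ForestParts[1].replace("DC=","").replace(",",".")
        }
        else {
            $api.LogScriptEvent("ATACenterDiscovery.ps1",3284,2,"v1.7-A Site DistinguishedName did not contain 'Configuration,'; entry skipped.")
        }
    }
}
else {
    $api.LogScriptEvent("ATACenterDiscovery.ps1",3284,2,"v1.7-Mongo query returned no data lines; ADForest was not updated.")
}
#$api.LogScriptEvent("ATACenterDiscovery.ps1",3283,0,"v1.7-ForestJsonData is $JsonData")
#$api.LogScriptEvent("ATACenterDiscovery.ps1",3283,0,"v1.7-ADForest is $ADForest")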
#Add the data into the PropertyBag
#Create the discovery instance for the ATA 1.7 Center class. The $MPElement[...]$ strings are
#management pack element references that Operations Manager resolves; keep them exactly as written.
$CenterInstance = $DiscoveryData.CreateClassInstance("$MPElement[Name='Microsoft.AdvancedThreatAnalytics.1_7.Center']$")
#DisplayName, PrincipalName and ServerName all receive $computerName (presumably bound from the
#computerName workflow parameter declared after the script - confirm against the param block).
$CenterInstance.AddProperty("$MPElement[Name='System!System.Entity']/DisplayName$", $computerName)
$CenterInstance.AddProperty("$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$", $computerName)
$CenterInstance.AddProperty("$MPElement[Name='Microsoft.AdvancedThreatAnalytics.1_7.Center']/ServerName$", $computerName)
#The values below are assigned before this part of the script (not visible here).
$CenterInstance.AddProperty("$MPElement[Name='Microsoft.AdvancedThreatAnalytics.1_7.Center']/Version$", $Version)
$CenterInstance.AddProperty("$MPElement[Name='Microsoft.AdvancedThreatAnalytics.1_7.Center']/ConsoleAddress$", $ConsoleAddress)
$CenterInstance.AddProperty("$MPElement[Name='Microsoft.AdvancedThreatAnalytics.1_7.Center']/ServiceIP$", $ServiceIP)
$CenterInstance.AddProperty("$MPElement[Name='Microsoft.AdvancedThreatAnalytics.1_7.Center']/ServicePort$", $ServicePort)
$CenterInstance.AddProperty("$MPElement[Name='Microsoft.AdvancedThreatAnalytics.1_7.Center']/ConsoleCertificateThumbprint$", $ConsoleCertificateThumbprint)
$CenterInstance.AddProperty("$MPElement[Name='Microsoft.AdvancedThreatAnalytics.1_7.Center']/InstallationPath$", $ATAInstallationPath)
#ADForest is the value derived from the Site DistinguishedName query earlier in the script.
$CenterInstance.AddProperty("$MPElement[Name='Microsoft.AdvancedThreatAnalytics.1_7.Center']/ADForest$", $ADForest)
#Add the populated Center instance to the discovery data that the script outputs.
$DiscoveryData.AddInstance($CenterInstance)
#$api.LogScriptEvent("ATACenterDiscovery.ps1",3281,0,"v1.7-CenterInstance is $CenterInstance")
#$ERROR is PowerShell's automatic error list. Nothing in this part of the script clears it, so
#this event can repeat errors raised earlier. NOTE(review): the full error text is written to
#the event log - confirm it cannot carry values that should stay out of logs.
IF ($ERROR) {$api.LogScriptEvent("ATACenterDiscovery.ps1",3284,2,"v1.7-Error is $ERROR")}
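#Locate mongod.cfg under the Mongo installation path (assigned outside this part of the script).
$CFGFile = $MongoInstallationPath +"\mongod.cfg"
#Process the data
$DBCFG = Get-Content $CFGFile
#Take the value of the first dbPath setting. A pattern match replaces TrimStart(" dbPath: "):
#TrimStart treats its argument as a set of characters, not a prefix, so it also removed leading
#path characters such as a lower-case drive letter "d:" or a folder name starting with "data".
#Anchoring at the line start also ignores commented-out settings; both "dbPath: value" and the
#older "dbpath=value" form are accepted.
$DBPath = $null
foreach ($CfgLine in $DBCFG) {
    if ($CfgLine -match '^\s*dbPath\s*[:=]\s*(.+)$') {
        $DBPath = $Matches[1]
        break
    }
}
#Report a missing setting explicitly instead of relying on a null-method error further down.
if ($null -eq $DBPath) {
    $api.LogScriptEvent("ATACenterDiscovery.ps1",3284,2,"v1.7-No dbPath setting was found in $CFGFile.")
}
#$api.LogScriptEvent("ATACenterDiscovery.ps1",3283,0,"v1.7-DBPath is $DBPath")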
#Add the data into the PropertyBag
#Create the discovery instance for the ATA 1.7 Database class. The $MPElement[...]$ strings are
#management pack element references that Operations Manager resolves; keep them exactly as written.
$DatabaseInstance = $DiscoveryData.CreateClassInstance("$MPElement[Name='Microsoft.AdvancedThreatAnalytics.1_7.Database']$")
#Properties of the MongoDB database instance: display name, database path and server name.
$DatabaseInstance.AddProperty("$MPElement[Name='System!System.Entity']/DisplayName$", $computerName)
$DatabaseInstance.AddProperty("$MPElement[Name='Microsoft.AdvancedThreatAnalytics.1_7.Database']/DBPath$", $DBPath)
$DatabaseInstance.AddProperty("$MPElement[Name='Microsoft.AdvancedThreatAnalytics.1_7.Database']/ServerName$", $computerName)
#Center ServerName and ServiceIP are set on the Database instance with the same values used for
#the Center instance (presumably the key properties of the hosting Center - confirm against the
#class definitions).
$DatabaseInstance.AddProperty("$MPElement[Name='Microsoft.AdvancedThreatAnalytics.1_7.Center']/ServerName$", $computerName)
$DatabaseInstance.AddProperty("$MPElement[Name='Microsoft.AdvancedThreatAnalytics.1_7.Center']/ServiceIP$", $ServiceIP)
#$ComputerName is the same variable as $computerName; PowerShell variable names ignore case.
$DatabaseInstance.AddProperty("$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$", $ComputerName)
#Add the populated Database instance to the discovery data that the script outputs.
$DiscoveryData.AddInstance($DatabaseInstance)
#$api.LogScriptEvent("ATACenterDiscovery.ps1",3282,0,"v1.7-DatabaseInstance is $DatabaseInstance")
#$ERROR is not cleared in this part of the script, so errors already reported by the earlier
#check can be logged here a second time.
IF ($ERROR) {$api.LogScriptEvent("ATACenterDiscovery.ps1",3284,2,"v1.7-Error is $ERROR")}
#Record completion: elapsed seconds since $StartTime plus the discovered version (event 3281).
$EndTime = Get-Date
$ScriptTime = ($EndTime - $StartTime).TotalSeconds
$CompletionMessage = "v1.7-ATA Center Discovery Script is complete. Version is $Version. Total runtime ($ScriptTime) seconds."
$api.LogScriptEvent("ATACenterDiscovery.ps1",3281,0,$CompletionMessage)
#Emit the discovery data on the output stream; this is what SCOM consumes.
$DiscoveryData
#When discovery data exists, also note it in the event log (event 3283).
if ($DiscoveryData) {
    $api.LogScriptEvent("ATACenterDiscovery.ps1",3283,0,"v1.7-Discovery Data is $DiscoveryData")
}
}
Else{
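#Log an event for script ending and total execution time.
#This branch reports that the server is not a 1.7 Center (see the message text).
$EndTime = Get-Date
$ScriptTime = ($EndTime - $StartTime).TotalSeconds
$api.LogScriptEvent("ATACenterDiscovery.ps1",3281,0,"v1.7-ATA Center Discovery Script is complete. This server is not a 1.7 center. Total runtime ($ScriptTime) seconds.")
#Prefix aligned to "v1.7-" like the other events in this part of the script. The previous "V1.8-"
#prefix made these errors look as if they came from a different discovery and could be missed
#by event filters keyed on the prefix.
IF ($ERROR) {$api.LogScriptEvent("ATACenterDiscovery.ps1",3284,2,"v1.7-Error is $ERROR")}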
}
}
Else{
#Not a Center: record completion with the elapsed seconds (event 3281).
$EndTime = Get-Date
$ScriptTime = ($EndTime - $StartTime).TotalSeconds
$CompletionMessage = "v1.7-ATA Center Discovery Script is complete. This server is not a center. Total runtime ($ScriptTime) seconds."
$api.LogScriptEvent("ATACenterDiscovery.ps1",3281,0,$CompletionMessage)
#Report whatever has accumulated in the automatic $ERROR list (event 3284).
if ($ERROR) {
    $api.LogScriptEvent("ATACenterDiscovery.ps1",3284,2,"v1.7-Error is $ERROR")
}
}</Script></ScriptBody>
<Parameters>
<Parameter>
<Name>SourceID</Name>
<Value>$MPElement$</Value>
</Parameter>
<Parameter>
<Name>ManagedEntityID</Name>
<Value>$Target/Id$</Value>
</Parameter>
<Parameter>
<Name>computerName</Name>
<Value>$Config/computerName$</Value>
</Parameter>
</Parameters>
<TimeoutSeconds>60</TimeoutSeconds>
</ProbeAction>
</MemberModules>
<Composition>
<Node ID="PowerShell">
<Node ID="Scheduler"/>
</Node>
</Composition>
</Composite>
</ModuleImplementation>
<OutputType>System!System.Discovery.Data</OutputType>
</DataSourceModuleType>