MenuPhoneSearch

Mutiny Community ShellStore - Powershell & Remote agents

This collection of Powershell agents can be scheduled by the Mutiny Powershell Scheduler (MPS) and used to enhance application and system monitoring within mutiny.

Users can either copy and paste the code and modify as appropriate and then add them to the MPS or they can download the Mutiny Powershell bundle (.mpk files)and drop it straight on the MPS and run.

If you have coded your own powershell agent why not to share it with us and we will check it over and make it available here.

If you are writing your own agents these reference papers will help with the output that mutiny works with.

General_RA_Spec-V8.pdf

Data_Extensions_to_Remote_Agents.pdf

Agents


Windows Firewall Monitor

This agent checks if any or the windows firewall profiles are turned off and generates an event if one or more are turned off.
Status: Released
Author: Lawrence Freeman & ChatGPT
Version: 1
PScript: MutPSA_FirewallStatus.ps1

Notes:
Add custom agent named "MutPSA_FirewallStatus" to the node in mutiny


Windows Certificate Monitor

This agent checks for expiring Certificates
Status: Released
Author: Lawrence Freeman & ChatGPT
Version: 1.7
PScript: MutPsA_CertificateCounter.ps1

Notes:
Add custom agent named "MutPsA_CertificateCounter" to the node in mutiny


Hyper-V replication health monitor

This agent checks for successful replication
Status: Released
Author: mythofechelon.co.uk and modified for Mutiny
Version: 1.0 updated by Shieraz Bashir
PScript: HyperVReplicationHealthCheck.ps1

Notes:
Add custom agent named "ReplicationHealth" to the node in mutiny


Windows Updates Monitor

This agent checks for available windows(WSUS) updates
Status: Released
Author: Aaron Street and Brandon Pearson
Version: 1.12 updated by Lawrence Freeman
PScript: MutinyWSUSreport.ps1

Notes:
If you run defender on the server, uncomment the the line #Update-MpSignature then schedule the agent to run hourly.
It will then update the defender signature rile before checking for windows updates.


Windows Storage Monitor

Allows the monitoring of mounted and larger HDDs greater than 1TB
Status: Released
Author: AD Murray
Version: 2.2
PScript: WindowsStorageMonitor.ps1 (use <right-click> "save as" to download)


MS Exchange Health Monitor

Measures and graphs the internal transaction time and Queue length in Exchange.
Status: Released
Author: AD Murray
Version: 2.1
PScript: ExchangeHealthMonitor Exchange 2013/16 (use <right-click> "save as" to download)
PScript: Exchange2010HealthMonitor Exchange 2010 (use <right-click> "save as" to download)
Solution Pagehttps://mutiny.freshdesk.com/support/solutions/articles/5000524545-installing-the-powershell-scheduler


MS SQL Health Monitor

Monitors a number of SQL parameters, can be edited to your own requirements.
Status: Released
Author: AD Murray
Version: 2.1
PScript: MSSQLMonitor (use <right-click> "save as" to download)


Disk I/O performance

Graphs system i/o per disk
Status: Released
Author: AD Murray
Version: 1.0PScript: DiskIOmonitor (use <right-click> "save as" to download)


MS IIS App Pool Monitor

Checks that the defined App Pools are running.
Edit the .json file to list the App Pools to be monitored and place it in your agents results folder

Status: Released
Author: G Miller
Version: 1.1
PScriptMutPsA_IISAppPools  (use <right-click> "save as" to download)
Additional filesMutPsA_IISAppPools.json (lives in the agents results folder) (use <right-click> "save as" to download)


Services running

Test the status of services and attempt a restart of the service, also alerts if not restarted.
edit line 11 
$servicesMonitored = @('MSExchangeSA') change the highlighted text for the service you wish to monitor.
Status: Released
Author: G Miller
Version: 1.0
PScriptMutPsA_ServiceMonitor.ps1


Event ID Checker

Searches target event logs for a list of interesting event IDs and alerts when a set number have been found.
Status: Released
Author: George Miller
Version: 2.0
PScriptMutPsA_EventLog.ps1
PScriptMutPsA_EventLog2.ps1 (this version also returns some details)
Additional filesMutPsA_EventLog.json (lives in the agents results folder)
Help pageinstalling-the-event-log-powershell-agent


Citrix terminal server login enabled Monitor

This agent monitors registry entries set by the Citrix server to alert if the Citrix Servers have been set to not allow logins
Status: Released
Author: George Miller
Version: 1.0
PScriptMutPsA_CitrixLogins.ps1


File count agent

This agent counts the number of files in a specified folder and alerts if a threshold is passed. The script can be edited to specify a folder location and set the thresholds for warning and critical events.
Status: Released
Author: George Miller
Version: 1.0
PScriptMutPsA_FileCounter.ps1


File string search agent

This agent searches for a text string in a file in a specified location and alerts if the string is not found. The script can be edited to specify a folder location and string to be found.
Status: Released
Author: Mark Smith
Version: 1.0
PScriptMutinyPSA_StrFileSearch.ps1


Ransomeware Check agent

This agent searches for a text string in a file in a specified location and alerts if the string is not found or cannot be read. The script can be edited to specify a folder location and string to be found. This simple check can give you an early wrning that files are being encrypted on file shares etc.
Status: Released
Author: Lawrence
Version: 1.0
PScriptMutPSA_Ransomcheck.zip