How can I produce a report that shows activity on an endpoint? The audit report only shows current status. I would love to be able to show my customers:

On this endpoint, this month

• 9 Windows updates were installed
• 4 3rd party apps were patched
• 2 new apps were installed
• 1 security event was resolved

and these scripts were run

• 4/1/22: Backup - successful
• 4/2/22: Backup - successful
               Configuration - successful
• 4/3/22: etc.

Every script run should be shown. If scripts were run as part of a task, a workflow, or manually from the UI, they should all be shown with date/time, script name and result.

This info must be in the database. How can I get to it?

 

I have solved this the best way I can for now. Set up Low level alerts for everything I want to report on. Use a rule in my email client to direct the large volume of messages to a folder that is not my inbox.

Add code to all my scripts to insert a Windows Event with a unique source and Event ID. Set up endpoint policies to alert on these events.

Now, to report, I can go to Server Admin, Notifications and query for these records. Output to CSV and do a little awk and grep to extract and format the information. Finally import into a spreadsheet template formatted to produce a nice looking report.

Except for the report production, the rest is automated.