Security - Stale Bitlocker Data
Summary
This document detects Windows computers where the SEC - Encryption - Script - Bitlocker - Audit script has not executed at least once in the past month and initiates its execution.
Note: For Windows servers to be eligible for BitLocker, the following roles must be enabled on the server:
- Windows Server BitLocker
- Windows Server BitLocker-Utilities
- Windows Server BitLocker-RemoteAdminTool
Run the SQL provided in the document below from RAWSQL to import these roles into Automate:
CWM - Automate - Roles - BitLocker
Dependencies
- SEC - Encryption - Custom Table - plugin_proval_bitlocker_audit
- SEC - Encryption - Script - Bitlocker - Audit
- Internal Monitor - ProVal - Production - Security - Stale BitLocker Data
Target
Global
Alert Template
Name: △ CUSTOM - Execute Script - Bitlocker - Audit
Available for import within the ProSync Plugin.
Note: Ensure the presence of the SEC - Encryption - Custom Table - plugin_proval_bitlocker_audit table and the SEC - Encryption - Script - Bitlocker - Audit script in the environment before creating the monitor set and importing the alert template.