A user created a PowerShell script to check if a machine is running MS Defender Endpoint in EDR Block Mode and asked about setting up a trigger for alerts. Another user suggested using event log entries to trigger actions, citing a thread discussing it on the ControlUp Community Slack. The original script is provided in the discussion for reference and the user updates it to address false positive reports. The final version of the script is tested and confirmed to work.
Read the entire article here...
ControlUp Community Training & Support Archives
All training and support-related archives from inside the ControlUp Community on Slack.
Clarifying the Redirect Issue in Custom Hive Overview
Users discussed an issue with Custom Hive Overview where navigating to https://api.scoutbees.io redirected them to a different page. They confirmed that the image was correct and that the redirect was to the documentation page for Scoutbees API, which can now be found at https://api.controlup.io/. They also mentioned that the redirect only occurs when accessing the page through a browser and not through a different connection.
Read the entire article here...
Configuring ControlUp to Send Logs to On-Prem QRadar using API
A user asked about configuring ControlUp to send logs to an on-prem QRadar using an API. Another user provided the API endpoint and praised ControlUp's developers. The API endpoint can be found at https://api.controlup.io/reference/orgauditlogpubliccontroller_getall
Read the entire article here...
Exciting New Feature for ControlUp Users: Bulk Selection of Alerts with Ability to Set Severity in Bulk
Two members complimented a new feature, bulk selection of alerts. One member requested the ability to set severity for multiple alerts at once. This would save time for those with over 90 alerts set up.
Read the entire article here...
Troubleshooting a Stopped Trigger in ControlUp
A user is experiencing trouble with a trigger that suddenly stopped working. They shared a screenshot of the trigger and asked for suggestions on how to improve it. Other members chimed in and offered potential solutions, such as checking the trigger's configuration in PowerShell and verifying the versions. A script to test triggers was also suggested. The user has resorted to using a PS script via scheduled task for alerts. They also checked the Web Interface, which reported a server as Not Active even though it was running in SGP. They requested a script to test triggers. They were also asked what the Get-BrokerController showed for those brokers.
Read the entire article here...
Dealing with a Compliance Alert in ControlUp
A user received a compliance alert about the "built-in" local Windows administrator account being in the local administrators group, which is a default and mandatory setting. There was discussion about how to deal with this issue and suggestions were made to check and exclude items in the scanning template. One user suggested that the setting could be more useful if it could identify other accounts and ignore the built-in "administrator" account. The issue was passed on to the secure DX PM.
Read the entire article here...
Troubleshooting Remote Client Score Metrics in ControlUp after updating environment
A user asked about issues with remote client score metrics after updating their ControlUp environment and corresponding agent. A member from the ControlUp team offered a suggestion to check for specific virtual channels and make sure the cuAgentHelper.exe process was running in those sessions. The user was able to resolve the issue based on this advice.
Read the entire article here...
Deploying ControlUp Agent via Console
A user asked about deploying the ControlUp agent via the console. It was clarified that while the agent manager has .NET embedded, the agent itself does not. A separate deployment is needed.
Read the entire article here...
Uninstalling ControlUp Agent Using PowerShell
A user asked for guidance on uninstalling an agent from an on-premises architecture using PowerShell and CUP version 8.8. The solution suggested by another user was to access the registry at "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ControlUpAgent" to find the uninstall string and remove the agent. No ControlUp URLs were mentioned.
Read the entire article here...
Connecting Machines in a File with ControlUp Real Time DX
A user wondered if Real Time DX can connect to a list of machines in a file. Another user clarified that while this feature is not currently available, it is possible to add devices to the console through a CSV file and deploy the agent.
Read the entire article here...