Bitlocker report

jens
jens Member Posts: 6
edited December 2023 in Reporting

Hi

I have been asked to document the use of Bitlocker for at client.

Has anyone manged get that in a report?
My idea so far is to modify the get_bitlocker script to update a custom field that will be included in the excel export of the audit report.

Anyone else?

Tagged:

Comments

  • jens
    jens Member Posts: 6

    Ok.. yey.. I just discovered that it's actually in the string for each disk in the audit report…

  • kim
    kim Member Posts: 113 ✭✭✭

    Thank you for asking and sharing your response @jens! I hadn’t tried this out yet, but this is super helpful!

    Sincerely,

    Kim

  • DP
    DP Member Posts: 56 ✭✭✭

    @jens are you talking about the Auditor report? I can't see the keys in there, not even in the export to excel. Can you help?

  • dragos.t
    dragos.t Internal, Support Moderator Posts: 51 admin

    Hello everyone,

    When it comes to the Bitlocker key, there is no way to export it using the Auditor report. For reports we only show the Status of Bitlocker.

    At the moment, you can only see the Bitlocker key when you access an agent, going to the Disks section and clicking the eye to view the key for Bitlocker.

    Now, this is not a suitable solution, so let's do a workaround. There are some options that we can do.

    You can create a script within Atera that queries your devices for the Bitlocker key. Please refer to this article to see how to upload/create a script within Atera.

    Create, upload, and generate scripts – Atera Support

    After creating a script, you will need to generate an IT Automation profile and assign the script that we just created to the profile itself. You also have the option to schedule the profile to run anytime you wish automatically.

    Schedule an IT Automation profile – Atera Support

    Automate patch management via IT automation profiles – Atera Support

    Automatically run scripts via automation profiles – Atera Support

    After creating the profile, you will need to assign it to your customers/folders/devices. Please see this article.

    Assign automation profiles to customers, folders, or agents – Atera Support

    Now that we have everything setup. Anytime the IT Automation profile runs, the script attached to it will also run and you will be able to see the output of the script within the Patch & Automation Feedback

    Access script output from the Patch and Automation feedback report – Atera Support

    You can then export the report to get the output in an Excel file. This would be the only way to export the keys that any customer can do regardless of their Plan associated with the Atera account.

    Another solution if you are on the highest plan, is to take advantage of the new Script-based custom fields. Basically, you add a .ps1 script to your Atera account, which will show the output of the script within the Custom Fields section on the new Agent page.

    Custom fields – Atera Support

    image.png

    Now after creating the script-based custom field and you see the BitLocker key as the output, you have 2 options for exporting the key:

    The first one is to use the Advance Reports module, you create a "New report" and select the Agent Custom Fields database. Then you would have to generate the report with the following fields. You can also add some additional fields.

    Create advanced reports – Atera Support

    • Field Name - Make sure to filter based on the Bitlocker field name that you chose when creating the custom field.
    • Field Value
    • Agent ID
    • Agent Name
    • Agent Version

    Filter advanced reports – Atera Support

    image.png

    After this, you can see the BitLocker key within the report. You can schedule and export the details anytime you wish.

    Schedule advanced reports – Atera Support

    Keep in mind that there is no Advance report that can show the Bitlocker key present within the Disk section of the Agent page, we would need to create a custom field to appear in Advance reports.

    Another option option with Script-based monitoring is to use the API. After you create the Script-based custom field that shows the Bitlocker key, you can actually use the API to extract the information from that specific field.

    APIs – Atera Support

    For the API, you would have to use the call "GET /api/v3/customvalues/agentfield/{agentId}/{fieldName}"

    There you enter the AgentId and the filed name (the one for BitLocker), and the API will return the key for the specific device based on the value inside the script-based custom field.

    This option is more tedious to do, and there is quite some setup, but it is another option that could be used.

    Also, we have forwarded this thread to our internal teams. I would also suggest everyone post/vote on this idea on our features board.

    Use The Atera Features Board – Atera Support

  • DP
    DP Member Posts: 56 ✭✭✭

    Thanks for the detailed workaround. What a hassle.

    Can't Atera just add it to the audit report - e.g. "include bitlocker key"?

Topics