Automating FEP Reports

Applies To: Forefront Endpoint Protection

You can automate retrieval of FEP reports by using Windows PowerShell.

Prerequisites

In order to create a script similar to the example in this topic, you must have the following prerequisite software:

• Windows PowerShell 2.0

The following example script demonstrates how to retrieve a FEP computer list report as an XML object and then display the computer list.

$ReportServer = "ReportServer.contoso.com" #Change the value in quotes to your report server FQDN.
$SiteCode = "FEP" #Change the value in quotes to your site code.

#URI to the .asmx file on the report server – change the value in quotes to the appropriate path on your report server.  
$URI  = "https://$ReportServer//ReportServer//ReportExecution2005.asmx?wsdl"

#Report Path – to retrieve a different report, replace the name of the report             
$ReportPath = "/Forefront Endpoint Protection_$SiteCode/Antimalware/Computer List Report"

# Create the web service proxy for the reports
New-WebServiceProxy -Uri $URI -UseDefaultCredential -namespace "ReportExecution2005" | out-null
            
$ReportService = new-object ReportExecution2005.ReportExecutionService            
$ReportService.Credentials = [System.Net.CredentialCache]::DefaultCredentials             
            
# Load report
$ReportService.GetType().GetMethod("LoadReport").Invoke($ReportService, @($ReportPath, $null)) | out-null                         

# Report Parameters            
# Depending on the number of parameters being used in the report, you may need to add or remove parameters. Specify by changing the Param1.Value line.

# Report Time Span 
# 1 - Custom  - Should be used along with CustomStartDate and CustomEndDate 
# 2 - Day
# 3 - Week
# 4 - Month
# 5 - Quarter
# 6 - Year

$param1 = new-object ReportExecution2005.ParameterValue         
$param1.Name = "ReportSpan" 
$param1.Value = 3

# Number of computers to which to limit the report. -1 specifies that there is no limit.
$param2 = new-object ReportExecution2005.ParameterValue            
$param2.Name = "NumberOfReturnedComputersParameter" 
$param2.Value = -1

# Security State parameter:
# 1 - Clean
# 2 - Recent malware activity (last 24 hours)
# 3 - Action Required
# 4 - Infected

$param3 = new-object ReportExecution2005.ParameterValue            
$param3.Name = "SecurityStateParameter"            
$param3.Value = 2
           
# The following ReportScope parameter is optional; it limits the report to a single collection.
# The ID can be found in FEPDW (FEPDW_[SiteCode]) database using the following query: 
# SELECT * FROM vwFEP_Common_CollectionLookupDimension

#$param4 = new-object ReportExecution2005.ParameterValue            
#$param4.Name = "ReportScope" 
#$param4.Value = "1002"

$parameters = [ReportExecution2005.ParameterValue[]] ($param1, $param2, $param3)
            
$ExecParams = $ReportService.SetExecutionParameters($parameters, "en-us");             

# For more report parameter options, see ReportExecutionService.Render Method (https://go.microsoft.com/fwlink/?LinkId=208533) on MSDN.
$format = "xml"            
$deviceinfo = ""            
$extention = ""            
$mimeType = ""            
$encoding = "UTF-8"            
$warnings = $null            
$streamIDs = $null  

$ReportAsStream = $ReportService.Render($format, $deviceInfo,[ref] $extention, [ref] $mimeType,[ref] $encoding, [ref] $warnings, [ref] $streamIDs)
$ReportAsString = [Text.Encoding]::UTF8.GetString($ReportAsStream)

$ReportAsXml = [xml]$ReportAsString.Trim()

# Access the report data using the xml object. It possible to use XPath or any XMLDocument methods to parse the xml.
$computers = $ReportAsXml.GetElementsByTagName("Detail")  

foreach ($computer in $computers)
{
Write-Host $computer.ComputerName $computer.SecurityState 
}