Getting Microsoft Defender ATP on Plesk
Download the onboarding code/script
I dumped the .zip file in /root/defender
Then execute it with Python to install the right “stuff” so the Defender binary can talk to your org/API thing
python MicrosoftDefenderATPOnboardingLinuxServer.py
Generating /etc/opt/microsoft/mdatp/mdatp_onboard.json ...
Now let's download the binary installer
https://github.com/microsoft/mdatp-xplat/blob/master/linux/installation/mde_installer.sh
wget https://raw.githubusercontent.com/microsoft/mdatp-xplat/master/linux/installation/mde_installer.sh
chmod +x mde_installer.sh
./mde_installer.sh
This should onboard the Plesk server with Defender.
Configure Defender
mdatp config real-time-protection --value enabled
mdatp threat policy set --type potentially_unwanted_application --action block
mdatp config network-protection enforcement-level --value block
mdatp config behavior-monitoring --value enabled
mdatp config behavior-monitoring-statistics --value enabled
mdatp config ebpf-supplementary-event-provider --value enabled
mdatp config ptrace-scope --value enabled
Give it a quick full scan, because why the hell not
mdatp scan full
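
To confirm the configuration step above actually took effect, the following added example (not part of the original post or of Microsoft's tooling) parses `mdatp health` output and reports any setting that differs from what the commands were meant to enable. The field names and the sample output are assumptions constructed for illustration; compare them with what your agent version prints.

```shell
#!/bin/sh
# Added example: check the settings enabled above against `mdatp health`.
# Field names are assumptions; compare with what your agent version prints.
EXPECTED='healthy=true
licensed=true
real_time_protection_enabled=true
behavior_monitoring=enabled
network_protection_enforcement_level=block'

# health_value FIELD: read health text on stdin and print FIELD's value,
# with surrounding whitespace and double quotes removed.
health_value() {
    awk -F':' -v want="$1" '
        { key = $1; gsub(/[ \t]/, "", key) }
        key == want {
            val = substr($0, index($0, ":") + 1)
            gsub(/^[ \t"]+|[ \t"]+$/, "", val)
            print val
            exit
        }'
}

# check_health: read health text on stdin, print one line per mismatch,
# and return 0 only when every expected field has the expected value.
check_health() {
    report=$(cat)
    rc=0
    for pair in $EXPECTED; do
        field=${pair%%=*}
        expect=${pair#*=}
        got=$(printf '%s\n' "$report" | health_value "$field")
        if [ "$got" != "$expect" ]; then
            echo "MISMATCH $field: expected '$expect', got '${got:-<missing>}'"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample (not captured from a real host): network protection
# is still in audit mode, so the check reports one mismatch.
SAMPLE_HEALTH='healthy                              : true
licensed                             : true
real_time_protection_enabled         : true
behavior_monitoring                  : "enabled"
network_protection_enforcement_level : "audit"'

printf '%s\n' "$SAMPLE_HEALTH" | check_health || echo "sample host is not in the expected state"
# On a real host: mdatp health | check_health
```

A non-zero exit from `check_health` makes it usable as a post-install gate in a provisioning script or a periodic cron check.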