
MDE analyzer report file path


I did MDE analyzer for Linux.

But I couldn't get the report of the MDE analyzer.

Where can I get that?


Below is the log for ./MDESupportTool -d

Skipping report generator [connectivity_events] as mdatp is not installed
Skipping report generator [process_running] as mdatp is not installed
Skipping data collector function [MDE Diagnostic] as mdatp is not installed
Skipping data collector function [MDE Health] as mdatp is not installed
Skipping data collector function [MDE Health Features] as mdatp is not installed
Skipping data collector function [DLP Health] as mdatp is not installed
Skipping data collector function [MDE Permissions] as mdatp is not installed
Skipping data collector function [MDE antivirus-engine-pool-content] as mdatp is not installed
Skipping data collector function [macOS wdavdaemon process vmmap] as mdatp is not installed
Skipping data collector function [macOS process sampling] as mdatp is not installed
Skipping data collector function [MDE Crashes Information] as mdatp is not installed
Skipping data collector function [Proc Directory] as mdatp is not installed
Skipping data collector function [MDE Exclusions] as mdatp is not installed
Skipping data collector function [MDE Definitions Details] as mdatp is not installed
Skipping data collector function [MDE Directories List] as mdatp is not installed
Skipping data collector function [DLP Enforcement Policy] as mdatp is not installed
Skipping data collector function [DLP Classification Policy] as mdatp is not installed
Skipping data collector function [Extended Attribute Info] as mdatp is not installed
Skipping data collector function [MDE User Info] as mdatp is not installed
Skipping data collector function [MDE Definitions Mount Point] as mdatp is not installed
Skipping data collector function [MDE Service Status] as mdatp is not installed
Skipping data collector function [MDE Open File Descriptors Info] as mdatp is not installed
Skipping data collector function [Memory Leaks Info] as mdatp is not installed
Skipping data collector function [rtp statistics] as mdatp is not installed
Skipping data collector function [/tmp files owned by group:mdatp] as mdatp is not installed
Skipping data collector function [MDATP configurations] as mdatp is not installed
Skipping data collector function [Enginedb files] as mdatp is not installed
Skipping data collector function [MDE Event statistics] as mdatp is not installed
Skipping data collector function [MDE eBPF statistics(Linux platform)] as mdatp is not installed
[2023-07-28 07:07:10.997][INFO] XMDEClientAnalyzer Version: 1.3.1

This script is designed to collect information that will help Microsoft Customer Support Services (CSS) troubleshoot issues you may be experiencing with Microsoft Defender for Endpoint.
The logs and traces collected by this tool may contain Personally Identifiable Information (PII) and/or sensitive data, such as (but not limited to) IP addresses, PC names, and user names.
Once data collection is complete, the script will save the data to subfolder and compressed zip file.
This data will not be sent to Microsoft automatically.
You can share the compressed zip file with Microsoft support personnel using Secure File Exchange.
For more information about Secure File Exchange, refer to:
https://support.microsoft.com/help/4012140/how-to-use-secure-file-exchange-to-exchange-files-with-mi...
For more information about our privacy statement, refer to:
https://privacy.microsoft.com/privacystatement
Please reach out to your support professional if you have any questions or concerns.

Do you wish to continue? [y/n]
y
[2023-07-28 07:07:13.946][INFO] Top Command output: [/tmp/top_output_2023_07_28_07_07_10vx7rgei4.txt]
[2023-07-28 07:07:13.947][INFO] Top Command Summary: [/tmp/top_summary_2023_07_28_07_07_10398slcw4.txt]
[2023-07-28 07:07:13.947][INFO] Top Command Outliers: [/tmp/top_outlier_2023_07_28_07_07_10xvwc2ti2.txt]
[2023-07-28 07:07:13.947][INFO] [MDE Diagnostic]
[2023-07-28 07:07:13.947][INFO] Collecting Process Information
[2023-07-28 07:07:13.965][INFO] Adding process_information.txt to report directory
[2023-07-28 07:07:13.966][INFO] Collecting AuditD information
[2023-07-28 07:07:14.010][WARNING] Executing failed with return code: 4
[2023-07-28 07:07:14.010][WARNING] output [Unit auditd.service could not be found.]
[2023-07-28 07:07:14.011][WARNING] stderr []
[2023-07-28 07:07:14.039][WARNING] Executing failed with return code: 1
[2023-07-28 07:07:14.039][WARNING] output [cat: /etc/audit/auditd.conf: No such file or directory]
[2023-07-28 07:07:14.039][WARNING] stderr []
[2023-07-28 07:07:14.039][ERROR] Diagnostics collection encountered an issue at function AuditD information - sequence item 2: expected str instance, NoneType found
[2023-07-28 07:07:14.040][INFO] Collecting AuditD analysis
[2023-07-28 07:07:14.041][INFO] Adding auditd_log_analysis.txt, auditd_logs.zip to report directory
[2023-07-28 07:07:14.041][INFO] Collecting Collecting syslog/messages
[2023-07-28 07:07:14.076][INFO] Adding syslogs.zip to report directory
[2023-07-28 07:07:14.077][INFO] Collecting MDE Conflicting Processes
[2023-07-28 07:07:14.350][INFO] Adding conflicting_processes_information.txt to report directory
[2023-07-28 07:07:14.350][INFO] Collecting Disk Usage
[2023-07-28 07:07:14.356][INFO] Adding disk_usage.txt to report directory
[2023-07-28 07:07:14.356][INFO] Collecting Hardware Information
[2023-07-28 07:07:14.362][ERROR] Diagnostics collection encountered an issue at function Hardware Information -

RAN: /usr/bin/lshw

STDOUT:


STDERR:
/usr/bin/lshw: /home/suzie/XMDEClientAnalyzerBinary/libstdc++.so.6: version `GLIBCXX_3.4.20' not found (required by /usr/bin/lshw)
/usr/bin/lshw: /home/suzie/XMDEClientAnalyzerBinary/libstdc++.so.6: version `CXXABI_1.3.9' not found (required by /usr/bin/lshw)
/usr/bin/lshw: /home/suzie/XMDEClientAnalyzerBinary/libstdc++.so.6: version `GLIBCXX_3.4.21' not found (required by /usr/bin/lshw)

[2023-07-28 07:07:14.363][INFO] Collecting Mount Info
[2023-07-28 07:07:14.370][INFO] Adding mount.txt to report directory
[2023-07-28 07:07:14.370][INFO] Collecting Uname Info
[2023-07-28 07:07:14.375][INFO] Adding uname.txt to report directory
[2023-07-28 07:07:14.375][INFO] Collecting Memory Info
[2023-07-28 07:07:14.382][INFO] Adding memory.txt to report directory
[2023-07-28 07:07:14.382][INFO] Collecting Meminfo command
[2023-07-28 07:07:14.388][INFO] Adding meminfo.txt to report directory
[2023-07-28 07:07:14.388][INFO] Collecting CPU Info
[2023-07-28 07:07:14.394][INFO] Adding cpuinfo.txt to report directory
[2023-07-28 07:07:14.394][INFO] Collecting SELinux Status Info
[2023-07-28 07:07:14.395][ERROR] Diagnostics collection encountered an issue at function SELinux Status Info - sestatus
[2023-07-28 07:07:14.395][INFO] Collecting machine info commands
[2023-07-28 07:07:14.562][INFO] Adding top.txt to report directory
[2023-07-28 07:07:14.563][INFO] Collecting libc information
[2023-07-28 07:07:14.586][INFO] Adding libc_info.txt to report directory
[2023-07-28 07:07:14.586][INFO] Collecting Uptime Info
[2023-07-28 07:07:14.592][INFO] Adding uptime_info.txt to report directory
[2023-07-28 07:07:14.593][INFO] Collecting Linux iptables rules
[2023-07-28 07:07:14.617][INFO] Adding iptables_rules.txt to report directory
[2023-07-28 07:07:14.617][INFO] Collecting Network information
[2023-07-28 07:07:14.644][ERROR] Function failed: nft
[2023-07-28 07:07:14.650][INFO] Adding network_info.txt to report directory
[2023-07-28 07:07:14.650][INFO] Collecting Sysctl information
[2023-07-28 07:07:14.679][INFO] Adding sysctl_info.txt to report directory
[2023-07-28 07:07:14.679][INFO] Collecting Hostname diagnostics information
[2023-07-28 07:07:14.714][ERROR] Function failed: dnshostname
[2023-07-28 07:07:14.753][ERROR] Function failed:

RAN: /usr/bin/getent ahosts '`hostname`'

STDOUT:


STDERR:

[2023-07-28 07:07:14.758][INFO] Adding hostname_diagnostics.txt to report directory
[2023-07-28 07:07:14.758][INFO] Collecting Kernel logs
[2023-07-28 07:07:14.767][INFO] Adding kernel_logs.zip to report directory
[2023-07-28 07:07:14.767][INFO] Collecting MDC logs
[2023-07-28 07:07:14.772][INFO] Adding mdc_log.zip to report directory
[2023-07-28 07:07:21.588][INFO] [Report Generator]
[2023-07-28 07:07:21.614][WARNING] Executing failed with return code: 4
[2023-07-28 07:07:21.614][WARNING] output [Unit auditd.service could not be found.]
[2023-07-28 07:07:21.614][WARNING] stderr []
[2023-07-28 07:07:21.617][ERROR] Report generator encountered an issue at function populate_device_info - expected string or bytes-like object
{'process_information.txt': '/tmp/processes_info_2023_07_28_07_07_102vrm9dzc.txt', 'auditd_log_analysis.txt': '/tmp/auditd_log_2023_07_28_07_07_10s1dijllm.txt', 'auditd_logs.zip': '/tmp/auditd_logs_2023_07_28_07_07_10jzq9k0iq.zip', 'syslogs.zip': '/tmp/syslog_2023_07_28_07_07_109a6civr8.zip', 'conflicting_processes_information.txt': '/tmp/conflicting_processes_2023_07_28_07_07_103uvwjmj8.txt', 'disk_usage.txt': '/tmp/disk_usage_2023_07_28_07_07_101j43d9ov.txt', 'mount.txt': '/tmp/mount_2023_07_28_07_07_107vogjxdi.txt', 'uname.txt': '/tmp/uname_2023_07_28_07_07_109hblv687.txt', 'memory.txt': '/tmp/memory_2023_07_28_07_07_10a3h16x9m.txt', 'meminfo.txt': '/tmp/meminfo_2023_07_28_07_07_10k7o1n_6x.txt', 'cpuinfo.txt': '/tmp/cpuinfo_2023_07_28_07_07_10x1xdz_04.txt', 'top.txt': '/tmp/top_2023_07_28_07_07_10byowpvci.txt', 'libc_info.txt': '/tmp/libc_info_2023_07_28_07_07_104xio0pge.txt', 'uptime_info.txt': '/tmp/uptime_info_2023_07_28_07_07_100hb409wj.txt', 'iptables_rules.txt': '/tmp/iptables_rules_2023_07_28_07_07_1059m66w3z.txt', 'network_info.txt': '/tmp/network_info_2023_07_28_07_07_104v1e_jng.txt', 'sysctl_info.txt': '/tmp/sysctl_info_2023_07_28_07_07_10zzji7d6z.txt', 'hostname_diagnostics.txt': '/tmp/hostname_diag_2023_07_28_07_07_103y9la2k6.txt', 'kernel_logs.zip': '/tmp/kernel_logs_2023_07_28_07_07_10_b31lafv.zip', 'mdc_log.zip': '/tmp/mdc_logs_2023_07_28_07_07_10k76tjvwn.zip', 'top_output.txt': '/tmp/top_output_2023_07_28_07_07_10vx7rgei4.txt', 'top_summary.txt': '/tmp/top_summary_2023_07_28_07_07_10398slcw4.txt', 'top_outliers.txt': '/tmp/top_outlier_2023_07_28_07_07_10xvwc2ti2.txt'}
[2023-07-28 07:07:21.666][INFO] Archive created at: /tmp/28_07_2023_07_07_10_output.zip
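
A run like the one above is easier to read once it is reduced to four facts: whether mdatp was detected, which collectors failed, which files were collected, and where the archive was written. The following Python sketch is an added example, not part of the original post and not Microsoft's tooling; the function name `summarize` and the regular expressions are assumptions modelled on the message formats visible in this thread, and the sample is an excerpt of the log quoted above.

```python
import re
from collections import Counter

# Excerpt of the MDESupportTool output quoted in the post above.
SAMPLE_LOG = """\
Skipping report generator [connectivity_events] as mdatp is not installed
Skipping data collector function [MDE Health] as mdatp is not installed
[2023-07-28 07:07:10.997][INFO] XMDEClientAnalyzer Version: 1.3.1
[2023-07-28 07:07:13.965][INFO] Adding process_information.txt to report directory
[2023-07-28 07:07:14.010][WARNING] output [Unit auditd.service could not be found.]
[2023-07-28 07:07:14.039][ERROR] Diagnostics collection encountered an issue at function AuditD information - sequence item 2: expected str instance, NoneType found
[2023-07-28 07:07:14.041][INFO] Adding auditd_log_analysis.txt, auditd_logs.zip to report directory
[2023-07-28 07:07:14.644][ERROR] Function failed: nft
[2023-07-28 07:07:21.617][ERROR] Report generator encountered an issue at function populate_device_info - expected string or bytes-like object
[2023-07-28 07:07:21.666][INFO] Archive created at: /tmp/28_07_2023_07_07_10_output.zip
"""

# Patterns derived from the lines in this thread (assumed, not a documented format).
LINE = re.compile(r"^\[(?P<ts>[\d\-: .]+)\]\[(?P<level>[A-Z]+)\] (?P<msg>.*)$")
SKIPPED = re.compile(r"^Skipping (?:report generator|data collector function) "
                     r"\[(?P<name>.+)\] as mdatp is not installed$")
ISSUE = re.compile(r"encountered an issue at function (?P<func>.+?) -(?: (?P<detail>.*))?$")
FAILED = re.compile(r"^Function failed: ?(?P<func>.*)$")
ADDING = re.compile(r"^Adding (?P<files>.+) to report directory$")
ARCHIVE = re.compile(r"^Archive created at: (?P<path>\S+)$")


def summarize(log_text):
    """Reduce an analyzer run to: mdatp state, skipped/failed collectors, files, archive."""
    summary = {"version": None, "mdatp_installed": None, "skipped": [],
               "collected": [], "errors": [], "levels": Counter(), "archive": None}
    for raw in log_text.splitlines():
        line = raw.strip()
        skipped = SKIPPED.match(line)
        if skipped:
            # Collectors that need the agent are skipped when it is not detected.
            summary["mdatp_installed"] = False
            summary["skipped"].append(skipped["name"])
            continue
        m = LINE.match(line)
        if not m:
            continue  # banner text, prompts, RAN:/STDOUT:/STDERR: blocks
        level, msg = m["level"], m["msg"]
        summary["levels"][level] += 1
        if msg.startswith("XMDEClientAnalyzer Version:"):
            summary["version"] = msg.split(":", 1)[1].strip()
        elif msg == "MDATP installed":
            summary["mdatp_installed"] = True
        elif (found := ADDING.match(msg)):
            summary["collected"] += [f.strip() for f in found["files"].split(",")]
        elif (found := ARCHIVE.match(msg)):
            summary["archive"] = found["path"]
        elif level == "ERROR":
            issue = ISSUE.search(msg) or FAILED.match(msg)
            func = issue["func"].strip() if issue else ""
            # Fall back to the whole message when no function name is given.
            summary["errors"].append(func or msg)
    return summary


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print("analyzer version :", result["version"])
    print("mdatp installed  :", result["mdatp_installed"])
    print("skipped          :", result["skipped"])
    print("failed collectors:", result["errors"])
    print("files collected  :", result["collected"])
    print("archive          :", result["archive"])
```
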


6 Replies
Hello, did you onboard this Linux machine on MDE using the Microsoft doc that has several commands to run to validate dependencies, or did you use the new model where you have to download a script via GitHub and install everything as dependencies?
I onboarded this Linux machine on MDE using the Microsoft doc from this link https://learn.microsoft.com/ko-kr/microsoft-365/security/defender-endpoint/linux-support-perf?view=o...
and when I put "echo 'C94E3D630730E5A2B605FD295BD81D93997888F4CB2B2694076FCFDE85876C13 XMDEClientAnalyzerBinary' | sha256sum -c"
I got the output below:
XMDEClientAnalyzerBinary: FAILED
sha256sum: WARNING: 1 computed checksum did NOT match
Please try:


echo 'E8D1B752A937E9AB305AE3C30737E31D75AE6FF9299002AB23F5C463C77DD159 XMDEClientAnalyzerBinary.zip' | sha256sum -c

I got OK, but I don't know where the report.html is.

root@ubuntu:~/test2/XMDEClientAnalyzerBinary# sudo ./MDESupportTool -d
[2023-08-03 03:44:47.991][INFO] XMDEClientAnalyzer Version: 1.3.1

This script is designed to collect information that will help Microsoft Customer Support Services (CSS) troubleshoot issues you may be experiencing with Microsoft Defender for Endpoint.
The logs and traces collected by this tool may contain Personally Identifiable Information (PII) and/or sensitive data, such as (but not limited to) IP addresses, PC names, and user names.
Once data collection is complete, the script will save the data to subfolder and compressed zip file.
This data will not be sent to Microsoft automatically.
You can share the compressed zip file with Microsoft support personnel using Secure File Exchange.
For more information about Secure File Exchange, refer to:
https://support.microsoft.com/help/4012140/how-to-use-secure-file-exchange-to-exchange-files-with-mi...
For more information about our privacy statement, refer to:
https://privacy.microsoft.com/privacystatement
Please reach out to your support professional if you have any questions or concerns.

Do you wish to continue? [y/n]
y
[2023-08-03 03:44:49.713][INFO] Top Command output: [/tmp/top_output_2023_08_03_03_44_47b3dmh28a.txt]
[2023-08-03 03:44:49.714][INFO] Top Command Summary: [/tmp/top_summary_2023_08_03_03_44_47abgjpd9j.txt]
[2023-08-03 03:44:49.714][INFO] Top Command Outliers: [/tmp/top_outlier_2023_08_03_03_44_473ep8lgj2.txt]
[2023-08-03 03:44:49.714][INFO] [MDE Diagnostic]
[2023-08-03 03:44:49.714][INFO] Collecting MDE Diagnostic
[2023-08-03 03:44:51.509][INFO] [SLEEP] [3sec] waiting for agent to create diagnostic package
[2023-08-03 03:44:54.512][INFO] diagnostic package path: /var/opt/microsoft/mdatp/wdavdiag/143e3dbd-57e2-4629-8b7d-6246c0201a76.zip
[2023-08-03 03:44:54.512][INFO] Successfully created MDE diagnostic zip
[2023-08-03 03:44:54.512][INFO] Adding mde_diagnostic.zip to report directory
[2023-08-03 03:44:54.512][INFO] Collecting MDE Health
[2023-08-03 03:44:54.723][INFO] Adding health.txt to report directory
[2023-08-03 03:44:54.724][INFO] Collecting MDE Health Features
[2023-08-03 03:44:54.935][INFO] Adding health_details_features.txt to report directory
[2023-08-03 03:44:54.936][INFO] Collecting MDE Permissions
[2023-08-03 03:44:55.179][INFO] Adding permissions.txt to report directory
[2023-08-03 03:44:55.180][INFO] Collecting MDE antivirus-engine-pool-content
[2023-08-03 03:44:55.288][ERROR] Diagnostics collection encountered an issue at function MDE antivirus-engine-pool-content - 'diagnostics_antivirus_engine_pool_content'
[2023-08-03 03:44:55.290][INFO] Collecting MDE Crashes Information
[2023-08-03 03:44:55.291][INFO] collecting crash dumps
[2023-08-03 03:44:55.292][INFO] No crash dumps or logs found
[2023-08-03 03:44:55.293][INFO] Collecting Process Information
[2023-08-03 03:44:55.329][INFO] Adding process_information.txt to report directory
[2023-08-03 03:44:55.330][INFO] Collecting Proc Directory
[2023-08-03 03:44:55.427][INFO] Adding proc_directory_info.txt to report directory
[2023-08-03 03:44:55.430][INFO] Collecting AuditD information
[2023-08-03 03:44:55.856][INFO] Adding auditd_info.txt to report directory
[2023-08-03 03:44:55.859][INFO] Collecting AuditD analysis
[2023-08-03 03:44:59.638][INFO] Adding auditd_log_analysis.txt, auditd_logs.zip to report directory
[2023-08-03 03:44:59.639][INFO] Collecting Collecting syslog/messages
[2023-08-03 03:44:59.651][INFO] Adding syslogs.zip to report directory
[2023-08-03 03:44:59.652][INFO] Collecting MDE Conflicting Processes
[2023-08-03 03:45:00.428][INFO] Adding conflicting_processes_information.txt to report directory
[2023-08-03 03:45:00.432][INFO] Collecting MDE Exclusions
[2023-08-03 03:45:00.539][INFO] Adding exclusions.txt to report directory
[2023-08-03 03:45:00.540][INFO] Collecting MDE Definitions Details
[2023-08-03 03:45:00.747][INFO] Adding definitions.txt to report directory
[2023-08-03 03:45:00.750][INFO] Collecting MDE Directories List
[2023-08-03 03:45:00.888][INFO] Adding mde_directories.txt to report directory
[2023-08-03 03:45:00.892][INFO] Collecting Disk Usage
[2023-08-03 03:45:00.911][INFO] Adding disk_usage.txt to report directory
[2023-08-03 03:45:00.913][INFO] Collecting MDE User Info
[2023-08-03 03:45:00.933][INFO] Adding mde_user.txt to report directory
[2023-08-03 03:45:00.934][INFO] Collecting MDE Definitions Mount Point
[2023-08-03 03:45:00.956][INFO] Adding mde_definitions_mount.txt to report directory
[2023-08-03 03:45:00.957][INFO] Collecting MDE Service Status
[2023-08-03 03:45:01.008][INFO] Adding service_status.txt to report directory
[2023-08-03 03:45:01.011][INFO] Collecting Hardware Information
[2023-08-03 03:45:01.029][ERROR] Diagnostics collection encountered an issue at function Hardware Information -

RAN: /usr/bin/lshw

STDOUT:


STDERR:
/usr/bin/lshw: /root/test2/XMDEClientAnalyzerBinary/libstdc++.so.6: version `GLIBCXX_3.4.20' not found (required by /usr/bin/lshw)
/usr/bin/lshw: /root/test2/XMDEClientAnalyzerBinary/libstdc++.so.6: version `CXXABI_1.3.9' not found (required by /usr/bin/lshw)
/usr/bin/lshw: /root/test2/XMDEClientAnalyzerBinary/libstdc++.so.6: version `GLIBCXX_3.4.21' not found (required by /usr/bin/lshw)

[2023-08-03 03:45:01.032][INFO] Collecting Mount Info
[2023-08-03 03:45:01.051][INFO] Adding mount.txt to report directory
[2023-08-03 03:45:01.053][INFO] Collecting Uname Info
[2023-08-03 03:45:01.072][INFO] Adding uname.txt to report directory
[2023-08-03 03:45:01.073][INFO] Collecting Memory Info
[2023-08-03 03:45:01.091][INFO] Adding memory.txt to report directory
[2023-08-03 03:45:01.093][INFO] Collecting Meminfo command
[2023-08-03 03:45:01.110][INFO] Adding meminfo.txt to report directory
[2023-08-03 03:45:01.111][INFO] Collecting CPU Info
[2023-08-03 03:45:01.130][INFO] Adding cpuinfo.txt to report directory
[2023-08-03 03:45:01.131][INFO] Collecting MDE Open File Descriptors Info
[2023-08-03 03:45:01.214][INFO] Adding lsof.txt to report directory
[2023-08-03 03:45:01.215][INFO] Collecting SELinux Status Info
[2023-08-03 03:45:01.216][ERROR] Diagnostics collection encountered an issue at function SELinux Status Info - sestatus
[2023-08-03 03:45:01.217][INFO] Collecting machine info commands
[2023-08-03 03:45:01.411][INFO] Adding top.txt to report directory
[2023-08-03 03:45:01.414][INFO] Collecting rtp statistics
[2023-08-03 03:45:01.593][INFO] Adding rtp_statistics.txt to report directory
[2023-08-03 03:45:01.594][INFO] Collecting libc information
[2023-08-03 03:45:01.640][INFO] Adding libc_info.txt to report directory
[2023-08-03 03:45:01.644][INFO] Collecting Uptime Info
[2023-08-03 03:45:01.665][INFO] Adding uptime_info.txt to report directory
[2023-08-03 03:45:01.666][INFO] Collecting /tmp files owned by group:mdatp
[2023-08-03 03:45:01.721][INFO] Adding tmp_files_owned_by_mdatp.txt to report directory
[2023-08-03 03:45:01.722][INFO] Collecting MDATP configurations
[2023-08-03 03:45:02.073][ERROR] Merged config not found. Maybe try restarting your mdatp
[2023-08-03 03:45:02.084][INFO] Adding mdatp_config.txt to report directory
[2023-08-03 03:45:02.087][INFO] Collecting Enginedb files
[2023-08-03 03:45:02.091][WARNING] No enginedb files exist
[2023-08-03 03:45:02.092][INFO] Collecting Linux iptables rules
[2023-08-03 03:45:02.152][INFO] Adding iptables_rules.txt to report directory
[2023-08-03 03:45:02.156][INFO] Collecting Network information
[2023-08-03 03:45:02.207][ERROR] Function failed: nft
[2023-08-03 03:45:02.224][INFO] Adding network_info.txt to report directory
[2023-08-03 03:45:02.226][INFO] Collecting Sysctl information
[2023-08-03 03:45:02.296][INFO] Adding sysctl_info.txt to report directory
[2023-08-03 03:45:02.297][INFO] Collecting Hostname diagnostics information
[2023-08-03 03:45:02.344][ERROR] Function failed: dnshostname
[2023-08-03 03:45:02.418][ERROR] Function failed:

RAN: /usr/bin/getent ahosts '`hostname`'

STDOUT:


STDERR:

[2023-08-03 03:45:02.431][INFO] Adding hostname_diagnostics.txt to report directory
[2023-08-03 03:45:02.432][INFO] Collecting MDE Event statistics
[2023-08-03 03:45:02.527][INFO] Adding mde_event_statistics.txt to report directory
[2023-08-03 03:45:02.529][INFO] Collecting MDE eBPF statistics(Linux platform)
[2023-08-03 03:45:22.620][INFO] Adding mde_ebpf_statistics.txt to report directory
[2023-08-03 03:45:22.622][INFO] Collecting Kernel logs
[2023-08-03 03:45:22.632][INFO] Adding kernel_logs.zip to report directory
[2023-08-03 03:45:22.632][INFO] Collecting MDC logs
[2023-08-03 03:45:22.641][WARNING] MDC state file [/var/lib/waagent/Microsoft.Azure.AzureDefenderForServers.MDE.Linux-1.0.3.10/state.json] doesnt exist.
[2023-08-03 03:45:22.644][INFO] Adding mdc_log.zip to report directory
[2023-08-03 03:45:29.299][INFO] [Report Generator]
[2023-08-03 03:45:29.304][INFO] MDATP installed
[2023-08-03 03:45:30.548][INFO] Executing connectivty test (this may take up to a minute)
Testing connection with https://nf.smartscreen.microsoft.com/api/network/mac ... [OK]
Testing connection with https://unitedstates.x.cp.wd.microsoft.com/api/report ... [OK]
Testing connection with https://ussus1eastprod.blob.core.windows.net/ ... [OK]
Testing connection with https://ussus1westprod.blob.core.windows.net/ ... [OK]
Testing connection with https://unitedstates.smartscreen.microsoft.com//api/network/mac ... [OK]
Testing connection with https://unitedstates.smartscreen-prod.microsoft.com//api/network/mac ... [OK]
Testing connection with https://go.microsoft.com/fwlink/?linkid=2144709 ... [OK]
Testing connection with https://winatp-gw-cus.microsoft.com/test ... [OK]
Testing connection with https://winatp-gw-eus.microsoft.com/test ... [OK]
Testing connection with https://us-v20.events.data.microsoft.com/ping ... [OK]
Testing connection with https://automatedirstrprdcus.blob.core.windows.net ... [OK]
Testing connection with https://automatedirstrprdeus.blob.core.windows.net ... [OK]
{'mde_diagnostic.zip': '/var/opt/microsoft/mdatp/wdavdiag/143e3dbd-57e2-4629-8b7d-6246c0201a76.zip', 'health.txt': '/tmp/mde_health_2023_08_03_03_44_47440dpcct.txt', 'health_details_features.txt': '/tmp/mde_health_features2023_08_03_03_44_47brzz8rzn.txt', 'permissions.txt': '/tmp/mde_health_permissions2023_08_03_03_44_47y3ew5v7w.txt', 'process_information.txt': '/tmp/processes_info_2023_08_03_03_44_47u6rdum9x.txt', 'proc_directory_info.txt': '/tmp/proc_directory_info_2023_08_03_03_44_47po0y9_a5.txt', 'auditd_info.txt': '/tmp/auditd_info_2023_08_03_03_44_470yd8hi13.txt', 'auditd_log_analysis.txt': '/tmp/auditd_log_2023_08_03_03_44_47i2n919d2.txt', 'auditd_logs.zip': '/tmp/auditd_logs_2023_08_03_03_44_47ub2a04ak.zip', 'syslogs.zip': '/tmp/syslog_2023_08_03_03_44_472zsj1cvp.zip', 'conflicting_processes_information.txt': '/tmp/conflicting_processes_2023_08_03_03_44_47jtf6gjw9.txt', 'exclusions.txt': '/tmp/mde_exclusions_2023_08_03_03_44_47cesd6df9.txt', 'definitions.txt': '/tmp/mde_definitions_2023_08_03_03_44_47tba3h7pa.txt', 'mde_directories.txt': '/tmp/mde_directories_2023_08_03_03_44_47y1yxvyyu.txt', 'disk_usage.txt': '/tmp/disk_usage_2023_08_03_03_44_47k8a4f_vw.txt', 'mde_user.txt': '/tmp/mde_user_2023_08_03_03_44_47lnu_zjy4.txt', 'mde_definitions_mount.txt': '/tmp/mde_definitions_mount_2023_08_03_03_44_47wuu37pvu.txt', 'service_status.txt': '/tmp/service_status_2023_08_03_03_44_470pkjbkvr.txt', 'mount.txt': '/tmp/mount_2023_08_03_03_44_47d36mduzq.txt', 'uname.txt': '/tmp/uname_2023_08_03_03_44_47e6kva_74.txt', 'memory.txt': '/tmp/memory_2023_08_03_03_44_47zk2xkcji.txt', 'meminfo.txt': '/tmp/meminfo_2023_08_03_03_44_47tljazv15.txt', 'cpuinfo.txt': '/tmp/cpuinfo_2023_08_03_03_44_47fo411p48.txt', 'lsof.txt': '/tmp/lsof_2023_08_03_03_44_47g5zaagzq.txt', 'top.txt': '/tmp/top_2023_08_03_03_44_47qcec16il.txt', 'rtp_statistics.txt': '/tmp/rtp_statistics_2023_08_03_03_44_47hew6l82j.txt', 'libc_info.txt': '/tmp/libc_info_2023_08_03_03_44_47v87m0uyz.txt', 'uptime_info.txt': 
'/tmp/uptime_info_2023_08_03_03_44_47m47x29vk.txt', 'tmp_files_owned_by_mdatp.txt': '/tmp/tmp_files_owned_by_mdatp_2023_08_03_03_44_47iwrplnkf.txt', 'mdatp_config.txt': '/tmp/merged_config_2023_08_03_03_44_47s5vdw341.txt', 'iptables_rules.txt': '/tmp/iptables_rules_2023_08_03_03_44_47x_n_m1uf.txt', 'network_info.txt': '/tmp/network_info_2023_08_03_03_44_47dlnkmeux.txt', 'sysctl_info.txt': '/tmp/sysctl_info_2023_08_03_03_44_47_xpnt3fk.txt', 'hostname_diagnostics.txt': '/tmp/hostname_diag_2023_08_03_03_44_47dg8qs5q7.txt', 'mde_event_statistics.txt': '/tmp/mde_event_statistics_2023_08_03_03_44_47y2pnggu1.txt', 'mde_ebpf_statistics.txt': '/tmp/mde_ebpf_statistics_2023_08_03_03_44_47ue7n9bo0.txt', 'kernel_logs.zip': '/tmp/kernel_logs_2023_08_03_03_44_4752d71w6a.zip', 'mdc_log.zip': '/tmp/mdc_logs_2023_08_03_03_44_473xbf7krx.zip', 'top_output.txt': '/tmp/top_output_2023_08_03_03_44_47b3dmh28a.txt', 'top_summary.txt': '/tmp/top_summary_2023_08_03_03_44_47abgjpd9j.txt', 'top_outliers.txt': '/tmp/top_outlier_2023_08_03_03_44_473ep8lgj2.txt'}
[2023-08-03 03:45:48.284][INFO] Archive created at: /tmp/03_08_2023_03_44_47_output.zip


I got this code but I don't know where report.html is.


The image below shows the files in output.zip.

I couldn't find "report.html" file

mara_0-1691036873769.png


Please try to copy mde_diagnostic.zip to a Windows machine and check the files inside.

I'm going to create a Linux machine and test it too; I'll get back to you soon :D

@raphaelcustodiosoares There are just etc, var

mara_0-1691380954347.png

mara_0-1691382017751.png

mara_1-1691382050759.png

Did you find a report.html?