Hello,
i would like make a custom pattern for Asset discovery to return only the application registry with Tomcat contains in the Name.
I succeeded with the application services by adding the where SELECT * FROM Win32_Service WHERE Name LIKE '%tomcat%'
but with the application registry the command it's KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ and i don't know how i can filters
here the partern that i use, have you an idea? thanks
<?xml version="1.0" encoding="utf-8"?>
<!--
© Atlassian
-->
<ScanPattern xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<Version>5.0.0</Version>
<PatternID>Atlassian-Def-Win-4</PatternID>
<AlternativePattern>Atlassian-Def-Win-46</AlternativePattern>
<OrderNr>0</OrderNr>
<ProcessType>WMIRegValueList</ProcessType>
<PatternType>Application</PatternType>
<Command>
<![CDATA[
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
]]>
</Command>
<Processing>
<![CDATA[
using System;
using System.Management;
using System.Collections.Generic;
using Insight.Discovery.Tools;
using Insight.Discovery.InfoClasses;
using Insight.Discovery.ProviderClasses;
using System.Linq;
using Insight.Discovery.InfoClasses.CommandResult.ResultTypes;
namespace Insight.Discovery {
public class PatternExec {
private const string alternativeNamespace = @"root\default";
public void PerformAction(object[] parameters)
{
try
{
WMIRegValueListResult subKeys = (WMIRegValueListResult)parameters[0];
HostInfo hostInfo = (HostInfo)parameters[2];
string command = subKeys.Command;
WMIProvider wmiProvider = (WMIProvider)parameters[1];
// Apps from initial command (Reg32, all users)
if (subKeys.IsNullOrEmpty())
{
subKeys = (WMIRegValueListResult)wmiProvider.GetSubKeysFromRegistry(command, alternativeNamespace, false);
AddApps(ref hostInfo, subKeys, command, wmiProvider, alternativeNamespace);
}
else
{
AddApps(ref hostInfo, subKeys, command, wmiProvider, alternativeNamespace);
}
// Apps from (Reg32, single user)
command = @"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
subKeys = (WMIRegValueListResult)wmiProvider.GetSubKeysFromRegistry(command, false);
if (subKeys.IsNullOrEmpty())
{
subKeys = (WMIRegValueListResult)wmiProvider.GetSubKeysFromRegistry(command, alternativeNamespace, false);
AddApps(ref hostInfo, subKeys, command, wmiProvider, alternativeNamespace);
}
else
{
AddApps(ref hostInfo, subKeys, command, wmiProvider, alternativeNamespace);
}
// Apps from (Reg64, all users)
command = @"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\";
subKeys = (WMIRegValueListResult)wmiProvider.GetSubKeysFromRegistry(command, false);
if (subKeys.IsNullOrEmpty())
{
subKeys = (WMIRegValueListResult)wmiProvider.GetSubKeysFromRegistry(command, alternativeNamespace, false);
AddApps(ref hostInfo, subKeys, command, wmiProvider, alternativeNamespace);
}
else
{
AddApps(ref hostInfo, subKeys, command, wmiProvider, alternativeNamespace);
}
// Apps from (Reg64, single user)
command = @"HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\";
subKeys = (WMIRegValueListResult)wmiProvider.GetSubKeysFromRegistry(command, false);
if (subKeys.IsNullOrEmpty())
{
subKeys = (WMIRegValueListResult)wmiProvider.GetSubKeysFromRegistry(command, alternativeNamespace, false);
AddApps(ref hostInfo, subKeys, command, wmiProvider, alternativeNamespace);
}
else
{
AddApps(ref hostInfo, subKeys, command, wmiProvider, alternativeNamespace);
}
}
catch (Exception ex)
{
LogService.Instance.LogDebug("Error getting Applications Information from Reg32", ex);
}
}
private void AddApps(ref HostInfo hostInfo, WMIRegValueListResult subKeys, string rootCommand, WMIProvider wmi, string nameSpace)
{
if (!subKeys.IsNullOrEmpty())
{
subKeys.LogResult();
try
{
if (hostInfo.Applications.IsNullOrEmpty()) hostInfo.Applications = new List<ApplicationInfo>();
foreach (string strKey in subKeys)
{
string displayName = string.Empty;
WMIRegValueResult result;
try
{
result = (WMIRegValueResult)wmi.GetRegistryValue(rootCommand.Trim() + strKey, "DisplayName", nameSpace);
if (!result.IsNullOrEmpty())
displayName = ((string)result.FirstOrDefault()).Trim();
}
catch (Exception ex)
{
LogService.Instance.LogDebug("Error getting DisplayName", ex);
}
if (!string.IsNullOrEmpty(displayName))
{
ApplicationInfo pki = new ApplicationInfo();
pki.Name = displayName.Trim();
pki.Version = ImportService.Instance.ImportVersion(displayName);
pki.Description = displayName.Trim();
try
{
result = (WMIRegValueResult)wmi.GetRegistryValue(rootCommand.Trim() + strKey, "DisplayVersion", nameSpace);
if (!result.IsNullOrEmpty())
pki.Version = ((string)result.FirstOrDefault()).Trim();
}
catch (Exception ex)
{
LogService.Instance.LogDebug("Error getting DisplayVersion", ex);
}
try
{
result = (WMIRegValueResult)wmi.GetRegistryValue(rootCommand.Trim() + strKey, "InstallLocation", nameSpace);
if (!result.IsNullOrEmpty())
pki.InstallLocation = ((string)result.FirstOrDefault()).Trim();
else
{
result = (WMIRegValueResult)wmi.GetRegistryValue(rootCommand.Trim() + strKey, "UninstallString", nameSpace);
if (!result.IsNullOrEmpty() && result.ToString().Contains(":"))
{
pki.VisibleInMSUI = true;
pki.InstallLocation = ((string)result.FirstOrDefault()).Substring(0, ((string)result.FirstOrDefault()).LastIndexOf(@"\", StringComparison.Ordinal) + 1).Trim();
}
}
}
catch (Exception ex)
{
LogService.Instance.LogDebug("Error getting InstallLocation", ex);
}
try
{
result = (WMIRegValueResult)wmi.GetRegistryValue(rootCommand.Trim() + strKey, "InstallDate", nameSpace);
if (!result.IsNullOrEmpty())
pki.InstallDate = ImportService.Instance.ImportDate((string)result.FirstOrDefault());
}
catch
{
try
{
// sometimes we need an int
result = (WMIRegValueResult)wmi.GetRegistryValue(rootCommand.Trim() + strKey, "InstallDate", nameSpace);
if (!result.IsNullOrEmpty())
{
int instDate = int.Parse(result.FirstOrDefault().ToString());
if (instDate > 0)
pki.InstallDate = ImportService.Instance.ImportDate(instDate.ToString());
}
}
catch (Exception ex)
{
LogService.Instance.LogDebug("Error getting InstallDate", ex);
}
}
try
{
result = (WMIRegValueResult)wmi.GetRegistryValue(rootCommand.Trim() + strKey, "Publisher", nameSpace);
if (!result.IsNullOrEmpty())
pki.Vendor = ((string)result.FirstOrDefault()).Trim();
}
catch (Exception ex)
{
LogService.Instance.LogDebug("Error getting Publisher", ex);
}
if (hostInfo.Applications.Find(o => o.ObjectHash == pki.ObjectHash) == null)
{
hostInfo.Applications.Add(pki);
}
}
}
}
catch (Exception ex)
{
LogService.Instance.LogDebug("Error getting Applications Information from" + rootCommand, ex);
}
}
}
}
}
]]>
</Processing>
</ScanPattern>