Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Need help for Asset Discovery with custom pattern for Application Registry

Perrino David
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
April 22, 2024

Hello,

i would like  make a custom pattern for Asset discovery to return only the application registry with Tomcat contains in the Name.

I succeeded with the application services by adding the where SELECT * FROM Win32_Service WHERE Name LIKE '%tomcat%'

but with the application registry the command it's KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ and i don't know how i can filters

here the partern that i use, have you an idea? thanks

 

<?xml version="1.0" encoding="utf-8"?>
<!--
© Atlassian
-->
<ScanPattern xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<Version>5.0.0</Version>
<PatternID>Atlassian-Def-Win-4</PatternID>
<AlternativePattern>Atlassian-Def-Win-46</AlternativePattern>
<OrderNr>0</OrderNr>
<ProcessType>WMIRegValueList</ProcessType>
<PatternType>Application</PatternType>
<Command>
<![CDATA[
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
]]>
</Command>
<Processing>
<![CDATA[
using System;
using System.Management;
using System.Collections.Generic;
using Insight.Discovery.Tools;
using Insight.Discovery.InfoClasses;
using Insight.Discovery.ProviderClasses;
using System.Linq;
using Insight.Discovery.InfoClasses.CommandResult.ResultTypes;

namespace Insight.Discovery {
public class PatternExec {
private const string alternativeNamespace = @"root\default";
public void PerformAction(object[] parameters)
{
try
{
WMIRegValueListResult subKeys = (WMIRegValueListResult)parameters[0];
HostInfo hostInfo = (HostInfo)parameters[2];
string command = subKeys.Command;
WMIProvider wmiProvider = (WMIProvider)parameters[1];

// Apps from initial command (Reg32, all users)
if (subKeys.IsNullOrEmpty())
{
subKeys = (WMIRegValueListResult)wmiProvider.GetSubKeysFromRegistry(command, alternativeNamespace, false);
AddApps(ref hostInfo, subKeys, command, wmiProvider, alternativeNamespace);
}
else
{
AddApps(ref hostInfo, subKeys, command, wmiProvider, alternativeNamespace);
}


// Apps from (Reg32, single user)
command = @"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
subKeys = (WMIRegValueListResult)wmiProvider.GetSubKeysFromRegistry(command, false);
if (subKeys.IsNullOrEmpty())
{
subKeys = (WMIRegValueListResult)wmiProvider.GetSubKeysFromRegistry(command, alternativeNamespace, false);
AddApps(ref hostInfo, subKeys, command, wmiProvider, alternativeNamespace);
}
else
{
AddApps(ref hostInfo, subKeys, command, wmiProvider, alternativeNamespace);
}

// Apps from (Reg64, all users)
command = @"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\";
subKeys = (WMIRegValueListResult)wmiProvider.GetSubKeysFromRegistry(command, false);
if (subKeys.IsNullOrEmpty())
{
subKeys = (WMIRegValueListResult)wmiProvider.GetSubKeysFromRegistry(command, alternativeNamespace, false);
AddApps(ref hostInfo, subKeys, command, wmiProvider, alternativeNamespace);
}
else
{
AddApps(ref hostInfo, subKeys, command, wmiProvider, alternativeNamespace);
}

// Apps from (Reg64, single user)
command = @"HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\";
subKeys = (WMIRegValueListResult)wmiProvider.GetSubKeysFromRegistry(command, false);
if (subKeys.IsNullOrEmpty())
{
subKeys = (WMIRegValueListResult)wmiProvider.GetSubKeysFromRegistry(command, alternativeNamespace, false);
AddApps(ref hostInfo, subKeys, command, wmiProvider, alternativeNamespace);
}
else
{
AddApps(ref hostInfo, subKeys, command, wmiProvider, alternativeNamespace);
}
}
catch (Exception ex)
{
LogService.Instance.LogDebug("Error getting Applications Information from Reg32", ex);
}
}

private void AddApps(ref HostInfo hostInfo, WMIRegValueListResult subKeys, string rootCommand, WMIProvider wmi, string nameSpace)
{
if (!subKeys.IsNullOrEmpty())
{
subKeys.LogResult();
try
{
if (hostInfo.Applications.IsNullOrEmpty()) hostInfo.Applications = new List<ApplicationInfo>();

foreach (string strKey in subKeys)
{
string displayName = string.Empty;
WMIRegValueResult result;
try
{
result = (WMIRegValueResult)wmi.GetRegistryValue(rootCommand.Trim() + strKey, "DisplayName", nameSpace);
if (!result.IsNullOrEmpty())
displayName = ((string)result.FirstOrDefault()).Trim();
}
catch (Exception ex)
{
LogService.Instance.LogDebug("Error getting DisplayName", ex);
}

if (!string.IsNullOrEmpty(displayName))
{
ApplicationInfo pki = new ApplicationInfo();
pki.Name = displayName.Trim();
pki.Version = ImportService.Instance.ImportVersion(displayName);
pki.Description = displayName.Trim();
try
{
result = (WMIRegValueResult)wmi.GetRegistryValue(rootCommand.Trim() + strKey, "DisplayVersion", nameSpace);
if (!result.IsNullOrEmpty())
pki.Version = ((string)result.FirstOrDefault()).Trim();
}
catch (Exception ex)
{
LogService.Instance.LogDebug("Error getting DisplayVersion", ex);
}

try
{
result = (WMIRegValueResult)wmi.GetRegistryValue(rootCommand.Trim() + strKey, "InstallLocation", nameSpace);
if (!result.IsNullOrEmpty())
pki.InstallLocation = ((string)result.FirstOrDefault()).Trim();
else
{
result = (WMIRegValueResult)wmi.GetRegistryValue(rootCommand.Trim() + strKey, "UninstallString", nameSpace);
if (!result.IsNullOrEmpty() && result.ToString().Contains(":"))
{
pki.VisibleInMSUI = true;
pki.InstallLocation = ((string)result.FirstOrDefault()).Substring(0, ((string)result.FirstOrDefault()).LastIndexOf(@"\", StringComparison.Ordinal) + 1).Trim();
}
}
}
catch (Exception ex)
{
LogService.Instance.LogDebug("Error getting InstallLocation", ex);
}

try
{
result = (WMIRegValueResult)wmi.GetRegistryValue(rootCommand.Trim() + strKey, "InstallDate", nameSpace);
if (!result.IsNullOrEmpty())
pki.InstallDate = ImportService.Instance.ImportDate((string)result.FirstOrDefault());
}
catch
{
try
{
// sometimes we need an int
result = (WMIRegValueResult)wmi.GetRegistryValue(rootCommand.Trim() + strKey, "InstallDate", nameSpace);

if (!result.IsNullOrEmpty())
{
int instDate = int.Parse(result.FirstOrDefault().ToString());
if (instDate > 0)
pki.InstallDate = ImportService.Instance.ImportDate(instDate.ToString());
}
}
catch (Exception ex)
{
LogService.Instance.LogDebug("Error getting InstallDate", ex);
}
}
try
{
result = (WMIRegValueResult)wmi.GetRegistryValue(rootCommand.Trim() + strKey, "Publisher", nameSpace);
if (!result.IsNullOrEmpty())
pki.Vendor = ((string)result.FirstOrDefault()).Trim();
}
catch (Exception ex)
{
LogService.Instance.LogDebug("Error getting Publisher", ex);
}

if (hostInfo.Applications.Find(o => o.ObjectHash == pki.ObjectHash) == null)
{
hostInfo.Applications.Add(pki);
}
}
}
}
catch (Exception ex)
{
LogService.Instance.LogDebug("Error getting Applications Information from" + rootCommand, ex);
}
}
}
}
}
]]>
</Processing>
</ScanPattern>

 

0 answers

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
SERVER
TAGS
AUG Leaders

Atlassian Community Events