Analyses Relevance

(imported topic written by SystemAdmin)

How can I create a custom “Analyses Relevance” that will allow me to view the running services, the programs installed together with their versions, and the Windows patches that are installed/not installed on a particular client machine?

(imported comment written by jgolembi)

DTDW,

this link will redirect to a wiki related to Bigfix Fixlet Authoring. There are some nice training guides available there as well as help files and a very nice QNA tool that I use to work through relevance.

  • Client Relevance Helpfile - I use this daily to review the definitions of the various questions that can be asked.
  • QNA fixlet debugger - invaluable when trying to get just the right answer to come back.

In order to create a new analysis from the console I would select Tools --> Create new Analysis.

Then for each of the fields you want to see information on I would create some amount of relevance in the fixlet debugger before inputting the relevance into the analysis.

  • Services - From the help file here are a few examples.
      • running services
        // Returns a list of all the currently running services.
      • expand environment string of ( image path of service "AudioSrv")
        // Returns a path name for the Windows Audio service, such as C:\WINDOWS\System32\svchost.exe -k netsvcs.
      • (display name of it, security descriptor of it ) of service "TapiSrv"
        // Returns a value such as 'Telephony, D:(A;OICI;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;OICI;CCLCSWRPLO;;;BU)'.
  • Programs Installed - More examples from the help file, but if you have the inventory and license site on your infrastructure then I would suggest using that.
      • application "qna.exe" of parent folder of application "bigfix.exe" of the registry
        // Using the application of folder creation method, this example locates the 'sibling' application qna.exe provided it exists in the same folder in which the registered application 'bigfix.exe' is installed.
      • exists application "notepad.exe" of the windows folder
        // Using the application of folder creation method, this example locates the notepad application provided it exists in the Windows folder.
      • name of application "print" of key "HKEY_CLASSES_ROOT\.gif" of registry
        // Returns the name of the application currently responsible for printing gif files.
      • name of application "print" of key "HKEY_CLASSES_ROOT\giffile" of the registry
        // The same as above when the default value of the key HKEY_CLASSES_ROOT\.gif contains giffile. These two examples demonstrate the method used by Windows to maintain file associations in the registry.
      • application of key "HKEY_CLASSES_ROOT\mailto" of the registry
        // This example returns the application responsible for handling mailto requests in your web browser.
      • names of regapps
        // Primarily used in QnA to obtain lists of applications installed under the "app path" key of the registry.
      • byte 0 of regapp "bigfix.exe" = 77
        // TRUE if the first byte in the specified file is ASCII 77.
      • regapp "IEXPLORE.EXE"
        // Returns the application object associated with the named registry key. Checks to see if the executable exists and if so, returns the application object. Case is ignored.
      • exists running application whose (name of it as lowercase is "winword.exe")
        // Returns TRUE if Microsoft Word is currently executing.
  • Windows Patches installed - I can’t help but think that this data is already gathered for you in the Bigfix console. I would also recommend reviewing Web reports as a good option for reporting on all of this information.

A few more helpful links:

  • http://support.bigfix.com - support search site for BigFix
  • Bigfix Documentation - Here you can find guides on Web reports, the Console, etc.

Hopefully this all makes sense.

-John G
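
The three properties asked about in the question, written as one relevance expression per analysis property. This is an added example, not part of the original posts or the BigFix help file. The property names in the comments are hypothetical, the Uninstall registry key and the Win32_QuickFixEngineering WMI class are the standard Windows locations for this data, and each expression is assumed to be tested in the Fixlet debugger first, as described above.

```relevance
// Comment lines are annotations only; paste just the expression into the property.

// Property "Running Services" (hypothetical name):
// one result per running service, short name plus display name.
(service name of it, display name of it) of running services

// Property "Installed Programs and Versions" (hypothetical name):
// walks the Uninstall key and skips entries without a DisplayName;
// entries that carry no DisplayVersion report "n/a" instead of an error.
// Assumption: on 64-bit Windows a 32-bit client sees the redirected
// (32-bit) view of this key, so 64-bit programs may be missing from it.
(value "DisplayName" of it as string, (if exists value "DisplayVersion" of it then value "DisplayVersion" of it as string else "n/a")) of keys whose (exists value "DisplayName" of it) of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry

// Property "Installed Hotfix IDs" (hypothetical name):
// hotfix identifiers as reported by WMI on the client.
string values of selects "HotFixID from Win32_QuickFixEngineering" of wmi
```

The hotfix property lists only what is installed; patches that are not installed are what the patch Fixlets already in the console report as relevant.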