Azure VM endpoint detection

Hi, has anyone developed a way to identify an Azure VM client natively without running a script similar to this .ps1 - https://www.powershellgallery.com/packages/MiniLab/0.9.7/Content/Private\ConfirmAzureVM.ps1

This works pretty well for Windows on AWS, how is anyone else identifying metadata associated to cloud environments?

delete __createfile
delete Azure.ps1
createfile until __END
Invoke-RestMethod -Headers @{{"Metadata"="true"} -URI http://169.254.169.254/metadata/instance?api-version=2019-11-01 -Method get | ConvertTo-Json | Out-File -FilePath "{pathname of parent folder of regapp "besclient.exe"}\Azure.json"
__END

move __createfile __Download\Azure.ps1

waithidden powershell.exe -ExecutionPolicy Bypass -file "__Download\Azure.ps1"

2 Likes

Nice one, @nicksberger
Consider creating a fixlet on bigfix.me?

Relevance might be
not exists file "Azure.json" of parent folder of client

1 Like

Sounds like a good use case for the BigFix v10 Cloud Plugin (Azure).

1 Like

Any of you guys with a little free time on your hands want to test the Linux version out as I have no Linux AWS test hosts -

Here’s the command -

curl -H Metadata:true "http://169.254.169.254/metadata/instance?api-version=2019-11-01"

Obviously piping the output JSON file to the BigFix client directory. I’m hoping the JSON will be the same format for both methods, allowing for pretty straightforward parsing.

If someone would help out on that piece, I would be happy to wrap it into a fixlet for bigfix.me

As suggested by @cstoneba, BigFix 10 may help here.

As part of multi-cloud support, BESAgent v10 has a new cloud provider inspector that retrieves the kind of information you’re looking for.

BigFix 10 will have to wait a while in our organisation. The cloud inspectors look good, albeit they return limited metadata as opposed to this instance metadata service query I am playing with.

The BigFix Azure Cloud Plugin would retrieve thorough instance information, but it’s in BigFix v10 as well, so not an option for you at the moment if I understand correctly.

Am I right in thinking that the Cloud plugin operates in a similar way to the VMWare Management Extender?
Thorough instance information is great, however the data is used more for inventory, and cannot be used for targeting actions etc.
Just comparing methods here - I can target an action based on resource owner/group etc.
I may well be way off on this assumption as I haven’t played with v.10 yet.

The new Cloud Plugin comes with new Cloud Inspectors and there are some properties out-of-box that can be used to target endpoints based on the results. I think you can use those inspectors to write your own properties based on your requirements.

Just some of them:

2 Likes

@nicksberger BigFix 10 is also capable of correlating a resource discovered by a cloud plugin (Azure, AWS, VMware) with the possible computer associated to the presence of the BigFix Agent on that same discovered resource, allowing operators to see it as a unique entity. This is called computer correlation.

More information on the specific Computer correlation doc page (part of the more general Managing cloud assets section that describes all aspects of the new multi-cloud support solution).

As you mentioned the VMware Management Extender, let me add that - in this first release - the new multi-cloud support solution provides VM discovery and correlation, but it’s not providing VM management yet (e.g. power on or power off virtual machines), so there’s still a functional gap with respect to the legacy VMware Management Extender.

2 Likes

Good information. The computer correlation piece has been long awaited. Thanks!

1 Like