C3 - Free Community Content - 7/20 Release Notes - Software Usage Launched

strawgate 2016-07-20 12:11:14 UTC #1

Hello!

I am pleased to announce a FANTASTIC update to the C3 set of projects!

For information on the C3 set of projects (and how to set it up with your BigFix Environment) please see the announcement post: C3 - Free BigFix Community Content Libraries This content is provided by the community, maintained by me and anyone who contributes to the repositories on github. This is not IBM provided or supported content.

Overview

This release includes a new site, new Fixlets, new Analyses. So much stuff!

C3 Software Usage - 11 Analyses (11 New), 3 Fixlets (3 New)
C3 Inventory - 53 Analyses (4 New), 15 Fixlets
C3 Patch - 59 Supported Applications
C3 Protect - 28 (1 New) Analyses, 69 Fixlets (2 New)
C3 Platform Kickstart - 35 (9 New) Fixlets, 2 Analyses
C3 Remote Control - 7 Fixlets, 7 Analyses

C3 Software Usage - BigFix.Me - Github

C3 Software Usage is a Windows-Only Software Usage analyzer.

It doesn’t have all the bells and whistles of BigFix Inventory
C3 Software Usage piggy-backs off of Applocker on Windows and works very well with Applocker in Audit-only mode. Applocker can be enabled via group policy or fully managed through C3 Protect.
If you’re already using Applocker you’ll get months of usage data the moment you turn it on, if you are a new user you’ll start seeing usage data when Applocker is turned on.
The provided analyses do naive checks for executable names.
The application tracking database can be queried via executable path, file hash, version, whether the file is signed, launch count and based on last usage – or any combination of those.
Application usage queries are very fast (milliseconds) even on machines with very large tracking databases
The tracking database grows based on number of unique applications launched – not based on number of launches. This means it’s safe to use in a terminal services or kiosk environment with heavy application usage.

There is a setup guide available here: https://github.com/strawgate/C3-Application-Usage/wiki/Software-Usage

New Analyses:

“Application Usage - Accounting - Windows” - Provides usage information for PeachTree and Quickbooks
“Application Usage - Adobe - Windows” - Provides usage information for a number of Adobe applications
“Application Usage - Browsers - Windows” - Provides usage information for various mainstream browser applications
“Application Usage - Communication - Windows” - Provides usage information for various Skype-like apps
“Application Usage - Compression - Windows” - Provides usage information for compression utilities
“Application Usage - Enterprise Resource Planning - Windows” - Provides usage information for ERP apps
“Application Usage - Mathematics - Windows” - Provides usage information for math and stats software
“Application Usage - Microsoft Office - Windows” - Provides usage information for the Microsoft Office Suite
“Application Usage - Multimedia - Windows” - Provides usage information for various multimedia applications
“Application Usage - Raw Results - Windows” - Provides the entire list of recorded usage history
“Application Usage - Scan Info - Windows” - Provides information on usage history like how far back the history goes for a machine, the last time it was updated, and the current size of the application usage tracking database.

C3 Inventory BigFix.Me - Github

New Analyses:

“SCCM - Windows” - Provides information about the currently installed System Center Configuration Manager client including version, site code, last report, current management point, installed components, client approval state, and cache size.
“Groups - Windows” - Provides membership information on the local system groups from users to administrators and everything in between
“Pending Restart - Windows” - Provides information from all the registry keys typically associated with a pending restart with the BigFix agent.

Updated Analyses:

“Network - Windows” - Now includes DHCP Lease information

C3 Protect BigFix.Me - Github

Analyses:

“EMET - Logs - Windows” - Provides information on fired off emet mitigations

C3 Platform Kickstart BigFix.Me - Github

New Fixlets:

“Config - Client Setting - Command Polling - (duration)” - Various fixlets for configuring command polling
“Config - Client Setting - Minimum Report Interval - (duration)” - Various fixlets for configuring minimum report interval

Summary

To learn more about C3 please see the original announcement