I am wondering if it’s possible to take an output of a command and dynamically create a retrieved property based on its output. For example, we need to report if Macs have FileVault encryption enabled. I’d love to be able to find a way to run the following command “sudo fdesetup status” and depending on the output (“FileVault is On”) populate a retrieved property called “Mac FileVault Encryption Status” with the output of the command. Is this possible? I know I can pipe out the output to a text file and query it, but the ability to take an output of a command dynamically in the relevance would be fantastic.
The best way to accomplish this is to have a reoccurring action that pipes the output to a file and then have a property collect or evaluate the results.
Though in practice we’ve had a high enough failure rate of the command running, because it was not piping to a file correctly, that we had to write our own utility to collect the status and, while doing that, add more details about the disk(s) and its state.
Thank you for replying, bxk… I’m aware of the “output to a text file, parse the file” method, but was hoping that there would be some dynamic way to do this. Hopefully in the next versions TEM will introduce something like this.
Relevance is a read-only language. So that functionality would be a fundamental shift against the core values of what relevance is.
Getting that functionality would be a brand new type of way to interact with the endpoint. I think it would be a great feature, but it would be a fundamental change in how the agent works.
What bxk is referring to is using a Task written to run the required command, piping the output to a file in a consistent location, then using a retrieved property to parse the file for the information you want to pull back. The action used to deploy the task would need to be set to Reapply this action while relevant, waiting “xx” between reapplications.
I’ve used the technique to determine if PGP has completed the encryption of a computer’s hard drive. The Task was written with relevance to determine if PGP was installed on the computer, and I had the Task run once a day.
I created a task that executed the command
PGPWDE --Status > C:\SomeWhereSafe\PGPStatus.txt
(with additional logic to execute the code from the installed directory) which produced output similar to …
Disk 0 is instrumented by bootguard.
Current key is valid.
Whole disk encrypted
Total sectors: 390721933 highwatermark: 390721933
Failed login attempt lockout enabled. Max failures=99
Request sent to Disk status was successful
Then I created a retrieved property PGP::Encrypted that returned something like
IF (exists file "C:\SomeWhereSafe\PGPStatus.txt") AND (exists lines whose (it contains "Whole disk encrypted") of file "C:\SomeWhereSafe\PGPStatus.txt") THEN ("DONE") ELSE ("NOT DONE")
The property will return DONE or NOT DONE for computers with PGP installed. Any computers that do not have PGP installed should return NOT DONE. Another layer of logic would let you return “NOT INSTALLED” if PGP wasn’t installed on the computer, but I used a different property for that so I didn’t worry about it with this one.
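An added example, not part of the thread: a collection script for the FileVault case that addresses the failed-redirect problem mentioned above by only replacing the status file, atomically, when the command succeeds with non-empty output. The function names and the file path in the final comment are assumptions; `status_value` mirrors the line-contains check a retrieved property would make against the file.

```shell
#!/bin/sh
# Added example: collect a command's output into a status file that a
# retrieved property can parse. Names and paths here are assumptions.

# collect_status OUTFILE CMD [ARGS...]
# Runs CMD and, only if it exits 0 with non-empty output, replaces OUTFILE
# atomically. On failure the previous file is left untouched and a
# non-zero status is returned so the action is reported as failed.
collect_status() {
    outfile=$1
    shift
    outdir=$(dirname "$outfile")
    mkdir -p "$outdir" || return 1
    # Temp file in the same directory so mv is a rename on one filesystem.
    tmp=$(mktemp "$outdir/.status.XXXXXX") || return 1
    if ! "$@" >"$tmp" 2>/dev/null; then
        rm -f "$tmp"
        return 2            # command failed
    fi
    if [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        return 3            # command produced no output
    fi
    # Record collection time so stale results can be spotted.
    printf 'Collected: %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" >>"$tmp"
    chmod 644 "$tmp"
    mv -f "$tmp" "$outfile"
}

# status_value OUTFILE: the classification a property would return.
# Any output other than "FileVault is On" is reported as OFF.
status_value() {
    if [ ! -f "$1" ]; then
        echo "NOT COLLECTED"
    elif grep -q "FileVault is On" "$1"; then
        echo "ON"
    else
        echo "OFF"
    fi
}

# On a Mac, run as root from the recurring action (hypothetical path):
#   collect_status "/Library/Application Support/Example/filevault_status.txt" fdesetup status
```

Because the file is only ever replaced by a complete result, the property never reads a half-written or empty file, and the "Collected:" line lets a second property flag endpoints whose status has stopped refreshing.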