We’ve notice some false positives in our DSS SAM inventory are caused by the SAM scanner picking up an .exe that is not installed but just sitting on a drive (various reasons). Is there a way to do one of the following or both:
1- Link the SAM reports to the Installed Applications for Windows analysis so that we can retrieve results that are reported in both, reported on just SAM scan data or reported (can do this now) on just Installed Apps (Can do this through standard BigFix webreports)? Perhaps a column in the DSS SAM report that could show if the app was also reported by the Installed Apps analysis?
2- Be able to create a SAM report with filters with criteria like:
C: Drive Only
Program Files Folders Only
Windows System Folders Only
Excuse me if we can already do this, but I don’t currently see a way to accomplish it.
That works on the scanner side, but we want to collect the all the file data on the scanner side and filter on the reporting side. Can anything be done there?
If you need global filtering, why not create a custom action to deploy configuration files to all your SAMScanner endpoints?
If you really need server-side filtering, you would need to create a scheduled task on your BigFix server to process the scan files as they are uploaded before the SAM ETL can see them. If you go this route, you may wish to reconfigure the SAM server to read the scan files out of a different directory so that it only picks up those that have been run through your filter.
I think perhaps we aren’t on the same page here. I just want to be able to filter out results based on my original criteria in item #2 as posted above, via the DSS SAM Web Reporting Interface.
Link the SAM reports to the Installed Applications for Windows analysis so that we can retrieve results that are reported in both, reported on just SAM scan data or reported (can do this now) on just Installed Apps (Can do this through standard BigFix webreports)? Perhaps a column in the DSS SAM report that could show if the app was also reported by the Installed Apps analysis?
We again have a high need for this and I wanted to give the thread a bump since the thread discussion seemed to focus on just the filtering.
There is a table which tracks this in the DB, but it is not made available for reporting in the UI.
The computer_executable_details table may have what you want. It tracks the computer ID, executable ID and path for known executables found on endpoints. It does not track this information for executables which are not present in the software catalog.
You would need to craft a custom SQL query to report on this data. If you go that route, you could join it against the computer_dimension table for computer details, and the catalog_dimension table for information on the software. This is not a user-facing feature of the product, as as such we do not provide support for creating custom queries on this table, and it may change in a future version.