All,
Looking for some advice on trying to optimize some BigFix Relevance, I’ve got the solution working but wanted to see if there might be better way to write the relevance.
We have project going where we want to retrieve info from the registry about agents (BigFix; CrowdStrike; Flexera …) deployed in our environment, that info is written to BigFix properties and used for reporting in Corporate Dashboard.
To get the agent info I’m looking at the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall key for both x32/x64. The info I’m interested in are DisplayName and DisplayVersion
Challenges
- what if there are multiple versions installed of the agent (For the moment I’m reporting on most recent version)
- What if agent is not installed
Below relevance will provide me with that info
if (exists values “DisplayVersion” of keys whose (value “DisplayName” of it as string as lowercase contains “flexnet inventory agent”) of keys "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of (x32 registry ; x64 registry)) then
(if ((it as string contains “|”) of (concatenation “|” of (unique values of ( value “DisplayVersion” of it as string as trimmed string) of keys whose ((exists (value “DisplayVersion” of it as string as trimmed string as lowercase)) And (value “DisplayName” of it as string as lowercase contains “flexnet inventory agent”)) of keys "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of (x32 registry ; x64 registry)))) then (following text of last “|” of concatenation “|” of (unique values of ( value “DisplayVersion” of it as string as trimmed string) of keys whose ((exists (value “DisplayVersion” of it as string as trimmed string as lowercase)) And (value “DisplayName” of it as string as lowercase contains “flexnet inventory agent”)) of keys "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of (x32 registry ; x64 registry))) else (concatenation “|” of (unique values of ( value “DisplayVersion” of it as string as trimmed string) of keys whose ((exists (value “DisplayVersion” of it as string as trimmed string as lowercase)) And (value “DisplayName” of it as string as lowercase contains “flexnet inventory agent”)) of keys "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of (x32 registry ; x64 registry)))) else “noinfo”
Question:
To check for multiple versions and report most recent version, I’m using “Unique Values” which is sorted and I will return last entry which is the latest version. I’ve found some articles mentioning “maximum of” but was not able to really make that work that’s why I’m choosing this option
any suggestions or feedback to improve relevance are much appreciated.