Greetings All,
I am trying to create an analysis to check the status of our security apps. One of the checks I would like to do involves looking at a specific registry key for Netskope. I can find the registry path using relevance, but I am unable to reference the values inside the path.
This is the base relevance I am working from. This works correctly.
(exists keys whose (exists values "DisplayName" whose (it as string contains "Google Chrome") of it) of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of native registry)
And here is the new relevance I have created to find the Netskope key/value I am trying to verify:
(exists keys whose (exists values "NpaStatus" whose (it as string contains "Disconnected") of it) of keys "HKEY_LOCAL_MACHINE\SOFTWARE\NetSkope\NpaTunnel" of native registry
I have confirmed that the value exists in the registry of the system I am testing on.
Any assistance or suggestions you can provide would be greatly appreciated.
Thank you,
_mxg