Looking for the way to collect ONLY machines with the SNMP protocol with “public” community enable.
I create a new Analysis with the following:
Properties TAB
Name:
SNMP Service
Relevance:
if exists key “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration” of registry then exists key “public” of key “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration” of registry else false
Relevance TAB
All Computers
I receive all result not only True for the ones that have Public String Enable.
On a cursory glance I’m not sure what’s wrong with that relevance, but if you’re stuck I’d recommend pulling out the relevance debugger, logon to a couple of machines, and then run the relevance manually to be sure those statements were correct.
The relevance you’re using is checking the SNMP Trap settings, not the SNMP Valid Communities settings… If you want to check SNMP Valid Community strings, I use this bit of relevance:
((exists (values “Public” of keys “hklm\system\currentcontrolset\services\snmp\parameters\validcommunities” of native registry as string)) OR (exists (values “Private” of keys “hklm\system\currentcontrolset\services\snmp\parameters\validcommunities” of native registry as string)))
If you’re wanting an analysis property to retrieve SNMP configurations, I use this relevance:
(names of it, (if it = 1 then “None” else if it = 2 then “Notify” else if it = 4 then “Read Only” else if it = 8 then “Read Write” else if it = 16 then “Read Create” else “Not Running”)) of values of key “hklm\system\currentcontrolset\services\snmp\parameters\validcommunities” of native registry