cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

FNMS2021R1 Inventory of Windows Registry and process unknown evidence from registry

Ronny_OO7
By Level 8 Champion
Level 8 Champion

Dear Flexera,

In FNMS2021R1 Inventory of Windows Registry has been formally introduced:

https://docs.flexera.com/FlexNetManagerSuite2021R1/EN/Features/index.html#FeatureList/2021R1-0/RN-new-WinRegInvent.html

It seems to me that this is not completed yet as it the values are only available in the inventory device property sheet Evidence tab, when you select the WMI sub-tab.

Now I would also expect that you can process and link registry (WMI Evidence) So I have checked 

Unrecognized Evidence-->Installer Evidence and then try to filter on WMI or Registry.

Unfortunately non of the two is vissable.

Am I thinking wrong or did Flexera missed something here with the implementation?

Regards

Ronald

(4) Replies
ChrisG
By Community Manager Community Manager
Community Manager

If I follow your comments right, I think you are looking for a way to see WMI evidence (including gathered registry data that is modelled as WMI evidence) that has been imported from all devices - similar to how the Unrecognized Evidence and All Evidence grids holistically show installer and file evidence. Is that right?

I don't know of any interface in the FlexNet Manager Suite web UI that summarizes WMI evidence data in that way - I don't think it is exposed anywhere except on a per-device level on the Evidence tab when viewing a device. The raw data is obviously available in the compliance database if working with data at that level is helpful.

For reference, here is an idea which is partially related to this: FNMS-I-219: Expose WMI evidence matching.

 

(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)

Hi Chris,

Thanks for your help.

Yes that is what I mean. At this moment FNMS supports collecting Registry entries. But from that point you can only use it for existing ARL Rules. And especially with registry entries you want to create your own applications based on found evidence.

I created an new idea, altough I concider this new implementation only implemented half way..

https://flexerasfdc.ideas.aha.io/ideas/FNMS-I-237

Regards

Ronald

 

nrousseau1
By Level 10 Champion
Level 10 Champion

Hi Ronald,

I am sure the WMI evidence management will be enhanced (related to the "SQL Services editions" for instance.

You can actually link the newly imported WMI evidences from the applications detail. The search will show you all imported WMI evidences.

The downside is that you must know what you look for and I hope this will help in adding the WMI evidence to the application to recognize. Be careful, if you have more than one evidence, it will mean EACH evidence must be present.

Please tell me if you have an issue.

AddWMIEvidence.png

HI Nicolas,

Why is WMI Evidence threaded differently? Why not at Unrecognized Evidence-->Installer Evidence and then try to filter on WMI or Registry. Or Create a new Class WMI Evidence? The default is to look at Unrecognized Evidence and there it is not.

It is good that further more at different parts in the product it is. But at the starting point it is missing. And as you stated The downside is that you must know what you look for . This is really an issue since you don't always know what you are exactly looking for.