FNMS2021R1 Inventory of Windows Registry and process unknown evidence from registry
In FNMS2021R1 Inventory of Windows Registry has been formally introduced:
It seems to me that this is not completed yet, as the values are only available in the inventory device property sheet Evidence tab, when you select the WMI sub-tab.
Now I would also expect that you can process and link registry (WMI Evidence). So I have checked
Unrecognized Evidence-->Installer Evidence and then tried to filter on WMI or Registry.
Unfortunately none of the two is visible.
Am I thinking wrong, or did Flexera miss something here with the implementation?
If I follow your comments right, I think you are looking for a way to see WMI evidence (including gathered registry data that is modelled as WMI evidence) that has been imported from all devices - similar to how the Unrecognized Evidence and All Evidence grids holistically show installer and file evidence. Is that right?
I don't know of any interface in the FlexNet Manager Suite web UI that summarizes WMI evidence data in that way - I don't think it is exposed anywhere except on a per-device level on the Evidence tab when viewing a device. The raw data is obviously available in the compliance database if working with data at that level is helpful.
For reference, here is an idea which is partially related to this: FNMS-I-219: Expose WMI evidence matching.
Thanks for your help.
Yes, that is what I mean. At this moment FNMS supports collecting Registry entries. But from that point you can only use it for existing ARL Rules. And especially with registry entries you want to create your own applications based on found evidence.
I created a new idea, although I consider this new implementation only implemented halfway.
I am sure the WMI evidence management will be enhanced (related to the "SQL Services editions" for instance).
You can actually link the newly imported WMI evidences from the applications detail. The search will show you all imported WMI evidences.
The downside is that you must know what you look for and I hope this will help in adding the WMI evidence to the application to recognize. Be careful, if you have more than one evidence, it will mean EACH evidence must be present.
Please tell me if you have an issue.
Why is WMI Evidence treated differently? Why not at Unrecognized Evidence-->Installer Evidence and then try to filter on WMI or Registry? Or create a new class, WMI Evidence? The default is to look at Unrecognized Evidence, and there it is not.
It is good that furthermore at different parts in the product it is. But at the starting point it is missing. And as you stated, "The downside is that you must know what you look for." This is really an issue since you don't always know what you are exactly looking for.