A new Flexera Community experience is coming on November 18th, click here for more information.
Hello Flexera content team,
I am wondering: How good is the latest ARL coverage for Non-Windows based Inventory? Out of the box how many percentage does it cover on average?
At my customer who is scanning full drive I see about 3 Million unassigned file evidence records. It will be difficult and time consuming to process these items one by one.
So the question is also: On Non-Windows based systems how much percentage average coverage is coming from application evidence coming out of an library like RPM, etc what ever is used. If we know this we can concider processing the 3 Million unkown file evidence records
PS:I am aware it is depending on if the customer re-packages their software or not. But I would like to see this in general. Let's assume all the conditions are in an good state.
Thanks!
Ronald
Feb 02, 2021 09:07 AM
Feb 02, 2021 09:41 AM
Feb 05, 2021 03:28 AM
Feb 08, 2021 02:57 AM
Digging up some details I used many years ago in analysis of recognition results, see the following query which can be run against a FlexNet Manager Suite On-premises compliance database to gather some recognition stats about installer evidence has been imported.
SET TRANSACTION ISOLATION LEVEL READ UNCOMMITTED
SET DEADLOCK_PRIORITY LOW
DECLARE @cc INT
DECLARE @thres INT
SELECT @cc = COUNT(*), @thres = COUNT(*) / 200 FROM dbo.ComplianceComputerWithActiveInventory
IF @thres < 20
SET @thres = 20
; WITH ie AS (
SELECT
ie.*
, CASE WHEN MatchedCount >= @thres THEN 1 ELSE 0 END AS AboveThreshold
, CASE WHEN IsAssigned = 1 OR Ignored = 1 THEN 1 ELSE 0 END AS Recognized
, CASE WHEN EXISTS(SELECT 1 FROM dbo.SoftwareRecognition sr WHERE sr.InstallerEvidenceID = ie.InstallerEvidenceID AND sr.TypeOfID = 'InstallerEvidence') THEN 1 ELSE 0 END AS FromARL
FROM dbo.InstallerEvidenceInfo ie
WHERE MatchedCount > 0
)
SELECT
(SELECT TOP 1 ARLVersion FROM dbo.SoftwareRecognitionImport WHERE IsSuccess = 1 ORDER BY UpdatedAt DESC) AS ARLVersion
, @cc AS ComputerCount
, @thres AS ARLThresholdComputerCount
, IERecognizedByARLAboveThreshold = SUM(CASE WHEN ie.AboveThreshold = 1 AND ie.FromARL = 1 THEN 1 ELSE 0 END)
, IERecognizedByLocalAboveThreshold = SUM(CASE WHEN ie.AboveThreshold = 1 AND ie.FromARL = 0 AND ie.Recognized = 1 THEN 1 ELSE 0 END)
, IEUnrecognizedAboveThreshold = SUM(CASE WHEN ie.AboveThreshold = 1 AND ie.FromARL = 0 AND ie.Recognized = 0 THEN 1 ELSE 0 END)
, IERecognizedByARLBelowThreshold = SUM(CASE WHEN ie.AboveThreshold = 0 AND ie.FromARL = 1 THEN 1 ELSE 0 END)
, IERecognizedByLocalBelowThreshold = SUM(CASE WHEN ie.AboveThreshold = 0 AND ie.FromARL = 0 AND ie.Recognized = 1 THEN 1 ELSE 0 END)
, IEUnrecognizedBelowThreshold = SUM(CASE WHEN ie.AboveThreshold = 0 AND ie.FromARL = 0 AND ie.Recognized = 0 THEN 1 ELSE 0 END)
, MatchesRecognizedByARLAboveThreshold = SUM(CASE WHEN ie.AboveThreshold = 1 AND ie.FromARL = 1 THEN CAST(ie.MatchedCount AS BIGINT) ELSE 0 END)
, MatchesRecognizedByLocalAboveThreshold = SUM(CASE WHEN ie.AboveThreshold = 1 AND ie.FromARL = 0 AND ie.Recognized = 1 THEN CAST(ie.MatchedCount AS BIGINT) ELSE 0 END)
, MatchesUnrecognizedAboveThreshold = SUM(CASE WHEN ie.AboveThreshold = 1 AND ie.FromARL = 0 AND ie.Recognized = 0 THEN CAST(ie.MatchedCount AS BIGINT) ELSE 0 END)
, MatchesRecognizedByARLBelowThreshold = SUM(CASE WHEN ie.AboveThreshold = 0 AND ie.FromARL = 1 THEN CAST(ie.MatchedCount AS BIGINT) ELSE 0 END)
, MatchesRecognizedByLocalBelowThreshold = SUM(CASE WHEN ie.AboveThreshold = 0 AND ie.FromARL = 0 AND ie.Recognized = 1 THEN CAST(ie.MatchedCount AS BIGINT) ELSE 0 END)
, MatchesUnrecognizedBelowThreshold = SUM(CASE WHEN ie.AboveThreshold = 0 AND ie.FromARL = 0 AND ie.Recognized = 0 THEN CAST(ie.MatchedCount AS BIGINT) ELSE 0 END)
Counts are given for installer evidence with "AboveThreshold" and "BelowThreshold" matches - where the threshold is 0.5% of the number of active inventory device (computer) records in the system.
Counts are also broken out by number of installer evidence records, and number of matches.
Calculating the following number will give a reasonable heuristic to understand what % of installer evidence that has been found on a meaningful ("above threshold") number of computers has been recognized by rules which are currently configured in your ARL:
(MatchesRecognizedByARLAboveThreshold + MatchesRecognizedByLocalAboveThreshold) / (MatchesRecognizedByARLAboveThreshold + MatchesRecognizedByLocalAboveThreshold + MatchesUnrecognizedAboveThreshold)
You can compare various other ratios in these results too, but this ratio is the one I've found to be most pragmatically meaningful.
Feb 08, 2021 11:35 PM
I did complete analysis based on the evidences we have processed / mapped in the ARL and the stats looks
We have around ~8.5% coverage on non-windows platform based on the following installer types
Feb 10, 2021 12:01 AM
The above stat talks about the % of evidences we have in the library BUT when it comes to coverage of Non-windows applications we do support most of the non-windows applications based on the standard installer technology and Advanced installer technologies
We had good coverage of non-windows applications for
I will get the stats based on the number of applications.
Feb 10, 2021 01:43 AM
Hi @Ronny_OO7 ,
In general, for non-Windows just like Windows, we focus on installer evidence for recognition, but as you say file evidence is certainly used. I know that in Unix and Linux environments, it's often necessary to configure a very broad scan to handle software accessed via a mounted drive.
@Hanumanthagowda will provide some statistics, but overall other than for key publishers and applications it will not be a good use of time to sort through those millions of file evidence records.
Feb 02, 2021 08:32 PM
HI Natalie,
Thanks for your response. This is what I expected: The focus is on installer evidence for recognition. But the big question then is how good is general coverage of applications coming from Installer evidence? If this is like 60% we are missing a big piece of the pie and can't rely on compliance.
If it is much better then it doesn't make sense to do a full drive scan if nothing is done with the file evidence delivered.
Thanks Ill wait for the statistics provided by @Hanumanthagowda
Regards
Ronald
Feb 03, 2021 01:15 AM
I did complete analysis on the evidences we have processed / mapped in the ARL library and the stats looks like
We have around ~8.5% Coverage on on-windows platform based on the following installer types
Feb 09, 2021 11:55 PM
I have an ongoing ticket in regards to that some windows applications recognition rules are detected on MAC's.
Examples are Spotify, Drift, Document Management all get linked to commercial applications, but are really native tools on MacOS.
But my gut feeling says, the MAC evidences are better than Linux
Feb 03, 2021 01:12 AM
Thanks, I also agree with your gut feelings. Unfortunate for us the Mac this is on the desktop side and that is usually not where the big financial risk is located.
Cheers
Ronald
Feb 03, 2021 01:17 AM
User | Count |
---|---|
8 | |
6 | |
3 | |
3 |