This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Enable high fidelity OS evidence for import from FNMS to IT Visibility

Introduction

For IT Visibility to import high fidelity OS information, it needs a specific set of properties that FNMS versions 2020 R2 and below do not provide. This page contains information on how to enable FNMS 2020 R2 and below to extract the specific properties from SCCM, ADDM and Flexera agent data that IT Visibility needs. From there, IT Visibility importer (available from Installers page under Discovery and Inventory) will extract it and send to IT Visibility for consumption.

 

Pre-requisites

FNMS 2019 R2 - FNMS 2020 R2

  1. FNMS 2021 R1 and later versions contain all these changes, do not take steps described in this article
  2. These steps are needed for export from FNMS
  3. Access to the FNMS Batch Server - these changes need to be done on the FNMS Batch Server
  4. Have knowledge on dealing with XML files
  5. Make a backup of all your Custom Readers and files affected

Enable OS Evidence extraction - Missing CustomInventory directory

Start here

  • This set of steps is for users who do not have custom inventory readers (CustomInventory directory inside C:\ProgramData\Flexera Software\Compliance\ImportProcedures).
  • Follow the steps below.

Files required

  • SCCM
    • Custom Inventory for SCCM.7z
  • BMC Atrium Discovery and Dependency Mapping
    • CustomInventory for BMC.7z
  •  ManageSoft
    • CustomInventory for FNMP.7z

Instructions

  • Download files attached to this article for the source you use
  • Extract them somewhere
    • After extracting and inside the extracted directory, there will be a CustomInventory folder with files inside.
  • Copy them to this directory: C:\ProgramData\Flexera Software\Compliance\ImportProcedures
  • WARNING:
    • If this is the first CustomInventory directory, it is safe to overwrite the importer.xml file
    • If there is an existing CustomInventory directory, it may not be safe to do so.
      • As an alternative for the importer.xml file, you can add the xml element code block (the one inside the downloaded files) to the existing one.
  • Done
  • You can test them by running the compliance readers
  • The directory structure inside the C:\ProgramData\Flexera Software\Compliance\ImportProcedures will loosely look like the one below
- AdapterStudioTemplates
- CustomInventory
    - Reader
        - BMC Atrium Discovery and Dependency Mapping
            - reader.config
            - WMIEvidence.xml
        - ManageSoft
            - reader.config
            - WMIEvidence.xml
        - SMS
            - reader.config
            - WMIEvidence.xml
    - Importer.xml
- Inventory
- ObjectAdapters

Enable OS Evidence extraction - Existing CustomInventory directory

Start here

  • This set of steps is for users who do have custom inventory readers (CustomInventory directory inside C:\ProgramData\Flexera Software\Compliance\ImportProcedures).
  • Users will need to manually modify and merge XML element code blocks. They will be outlined below. 
    • If they don't have it, they will have to follow the step above
  • There are 3 compliance reader directories/sources to modify which in turn enable OS evidence extraction.
  • The instructions below mainly focus on modifying XML elements

 

BMC Atrium Discovery and Dependency Mapping (ADDM)

Notes

  • Follow these steps if you have an existing CustomInventory BMC Atrium Discovery and Dependency Mapping reader
  • Modifications will need to be done in the following directories:
    • C:\ProgramData\Flexera Software\Compliance\ImportProcedures\CustomInventory\Reader\BMC Atrium Discovery and Dependency Mapping
  • Existing steps (element code blocks) will need to be modified and split. They need to be run on different versions of the database. The changes are outlined below:

 

Existing element code block modification

Order 620: Create ID fields for WMI evidence in the source database

  • There is an existing step that looks like the code below:
Create ID fields for WMI evidence in the source database - Before 
<Reader xsi:type="ExecuteOnSource"
            Name="Create ID fields for WMI evidence in the source database"
            Order="620"
            Retries="1">
        <![CDATA[ ....
        ...
</Reader>
  • Add a new attribute (VersionBefore="1.11") to the step above
  • Once done, it should loosely look like the code block below
Create ID fields for WMI evidence in the source database - After 
<Reader xsi:type="ExecuteOnSource"
            Name="Create ID fields for WMI evidence in the source database"
            Order="620"
            Retries="1"
            VersionBefore="1.11">
        <![CDATA[ ...
        ...
</Reader>

Order 640: Read WMI evidence on computers into FNMP

  • There is an existing step that looks like the code below:
Read WMI evidence on computers into FNMP - Before 
<Reader xsi:type="SourceToTarget"
        Name="Read WMI evidence on computers into FNMP"
        Order="640"
        Retries="1"
        Table="#InstalledWMIEvidence">
        <![CDATA[ ....
        ...
</Reader>
  • Add a new attribute (VersionBefore="1.11") to the step above
  • Once done, it should loosely look like the code block below
Read WMI evidence on computers into FNMP - After
<Reader xsi:type="SourceToTarget"
        Name="Read WMI evidence on computers into FNMP"
        Order="640"
        Retries="1"
        Table="#InstalledWMIEvidence"
        VersionBefore="1.11">
        <![CDATA[ ...
        ...
</Reader>

New element code block introduction

Order 620: Create ID fields for WMI evidence in the source database

  • Just after the element code block from the step: "Order 620: Create ID fields for WMI evidence in the source database", insert the new element code block (depicted below) after it.
Order 620: Create ID fields for WMI evidence in the source database - New:
<Reader xsi:type="ExecuteOnSource"
            Name="Create ID fields for WMI evidence in the source database"
            Order="620"
            Retries="1"
            VersionFrom="1.11">
        <![CDATA[
     
        IF OBJECT_ID('tempdb..#WMIEvidence') IS NOT NULL
        BEGIN
            DROP TABLE #WMIEvidence
        END
        CREATE TABLE #WMIEvidence
        (
            ClassName nvarchar(50) COLLATE database_default,
            PropertyName nvarchar(50) COLLATE database_default,
            PropertyValue nvarchar(256)  COLLATE database_default,
            ExternalID int identity(1,1)
        )
 
        -- This step gets the list of WMI evidence, and manufactures an ID for
        -- each unique evidence.
        -- By default, this operating system information is the only required
        -- WMI information for FNMP.
        -- You may return extra data to use yourself in application recognition
 
        -- IMPORTANT
        --
        -- All 3 fields returned by this query are CRITICAL to the recognition of operating systems.
        -- If your data source cannot provide these fields then there will be no
        -- operating system recognition.
     
        -- Fields:
        --   ClassName - mandatory string, the name of the WMI class
        --   PropertyName - mandatory string, the name of the property inside the class
        --   PropertyValue - mandatory string, the value of the named property for the class instance
        INSERT #WMIEvidence (
                ClassName,
                PropertyName,
                PropertyValue
            )
        SELECT DISTINCT
            CASE OSType
                WHEN 'Windows' THEN 'Win32_OperatingSystem'
                WHEN 'VMware ESX' THEN 'VMWARE_OperatingSystem'
                WHEN 'VMware ESXi' THEN 'VMWARE_OperatingSystem'
                ELSE 'MGS_OperatingSystem'
            END AS ClassName,
            'Caption' AS PropertyName,
            LEFT(OS, 256) AS PropertyValue
        FROM dbo.Host
        WHERE OS IS NOT NULL
 
        UNION
 
        SELECT DISTINCT
            CASE OSType
                WHEN 'Windows' THEN 'Win32_OperatingSystem'
                WHEN 'VMware ESX' THEN 'VMWARE_OperatingSystem'
                WHEN 'VMware ESXi' THEN 'VMWARE_OperatingSystem'
                ELSE 'MGS_OperatingSystem'
            END AS ClassName,
            'Name' AS PropertyName,
            LEFT(OSType, 256) AS PropertyValue
        FROM dbo.Host
        WHERE OSType IS NOT NULL
 
        UNION
 
        SELECT DISTINCT
            'ADDM_OperatingSystem' AS ClassName,
            'OS' AS PropertyName,
            OS AS PropertyValue
        FROM dbo.Host
        WHERE OS IS NOT NULL
         
        UNION
         
        SELECT DISTINCT
            'ADDM_OperatingSystem' AS ClassName,
            'Type' AS PropertyName,
            OSType AS PropertyValue
        FROM dbo.Host
        WHERE OSType IS NOT NULL
 
        UNION
         
        SELECT DISTINCT
            'ADDM_OperatingSystem' AS ClassName,
            'Edition' AS PropertyName,
            OSEdition AS PropertyValue
        FROM dbo.Host
        WHERE OSEdition IS NOT NULL
 
        UNION
         
        SELECT DISTINCT
            'ADDM_OperatingSystem' AS ClassName,
            'Version' AS PropertyName,
            OSVersion AS PropertyValue
        FROM dbo.Host
        WHERE OSVersion IS NOT NULL
 
        UNION
         
        SELECT DISTINCT
            'ADDM_OperatingSystem' AS ClassName,
            'Build' AS PropertyName,
            OSBuild AS PropertyValue
        FROM dbo.Host
        WHERE OSVendor IS NOT NULL
 
        UNION
         
        SELECT DISTINCT
            'ADDM_OperatingSystem' AS ClassName,
            'Vendor' AS PropertyName,
            OSVendor AS PropertyValue
        FROM dbo.Host
        WHERE OSVendor IS NOT NULL
 
        DECLARE @msgstr nvarchar(1000) -- this is used for tracing
        SET @msgstr = N'Found ' + CAST(@@ROWCOUNT AS nvarchar(1000)) + N' distinct WMI evidence in the source database.'
        RAISERROR (@msgstr, 0, 1) WITH NOWAIT
     
        ]]>
</Reader>
 
 

 

Order 640: Read WMI evidence on computers into FNMP

  • Just after the element code block from the step: "Order 640: Read WMI evidence on computers into FNMP", insert the new element code block (depicted below) after it.
Order 640: Read WMI evidence on computers into FNMP - New 
<Reader xsi:type="SourceToTarget"
            Name="Read WMI evidence on computers into FNMP"
            Order="640"
            Retries="1"
            Table="#InstalledWMIEvidence"
            VersionFrom="1.11">
        <![CDATA[
 
        -- This step gets the WMI evidence on each computer
        -- By default, this operating system information is the only required
        -- WMI information for FNMP.
        -- You may return extra data to use yourself in application recognition
 
        -- IMPORTANT
        --
        -- Be careful when modifying this query. The JOIN only uses the property value
        -- because the Class and PropertyName are hardcoded values in the previous
        -- query. If you return more than just this simple data, then you
        -- will need to have real joins on the Class and PropertyName as well.
 
        -- Fields:
        --   ExternalEvidenceID - mandatory int, the generated ID for the evidence
        --   ExternalHostKey, - mandatory, the ID of the computer
 
        SELECT
            evidence.ExternalID,
            instevidence.HostKey
        FROM (
            SELECT DISTINCT
                CASE OSType
                    WHEN 'Windows' THEN 'Win32_OperatingSystem'
                    WHEN 'VMware ESX' THEN 'VMWARE_OperatingSystem'
                    WHEN 'VMware ESXi' THEN 'VMWARE_OperatingSystem'
                    ELSE 'MGS_OperatingSystem'
                END AS ClassName,
                'Caption' AS PropertyName,
                LEFT(OS, 256) AS PropertyValue,
                HostKey
            FROM dbo.Host
            WHERE OS IS NOT NULL
 
            UNION
 
            SELECT DISTINCT
                CASE OSType
                    WHEN 'Windows' THEN 'Win32_OperatingSystem'
                    WHEN 'VMware ESX' THEN 'VMWARE_OperatingSystem'
                    WHEN 'VMware ESXi' THEN 'VMWARE_OperatingSystem'
                    ELSE 'MGS_OperatingSystem'
                END AS ClassName,
                'Name' AS PropertyName,
                LEFT(OSType, 256) AS PropertyValue,
                HostKey
            FROM dbo.Host
            WHERE OSType IS NOT NULL
 
            UNION
 
            SELECT DISTINCT
                'ADDM_OperatingSystem' AS ClassName,
                'OS' AS PropertyName,
                OS AS PropertyValue,
                HostKey
            FROM dbo.Host
            WHERE OS IS NOT NULL
             
            UNION
             
            SELECT DISTINCT
                'ADDM_OperatingSystem' AS ClassName,
                'Type' AS PropertyName,
                OSType AS PropertyValue,
                HostKey
            FROM dbo.Host
            WHERE OSType IS NOT NULL
 
            UNION
             
            SELECT DISTINCT
                'ADDM_OperatingSystem' AS ClassName,
                'Edition' AS PropertyName,
                OSEdition AS PropertyValue,
                HostKey
            FROM dbo.Host
            WHERE OSEdition IS NOT NULL
 
            UNION
             
            SELECT DISTINCT
                'ADDM_OperatingSystem' AS ClassName,
                'Version' AS PropertyName,
                OSVersion AS PropertyValue,
                HostKey
            FROM dbo.Host
            WHERE OSVersion IS NOT NULL
 
            UNION
             
            SELECT DISTINCT
                'ADDM_OperatingSystem' AS ClassName,
                'Build' AS PropertyName,
                OSBuild AS PropertyValue,
                HostKey
            FROM dbo.Host
            WHERE OSVendor IS NOT NULL
 
            UNION
             
            SELECT DISTINCT
                'ADDM_OperatingSystem' AS ClassName,
                'Vendor' AS PropertyName,
                OSVendor AS PropertyValue,
                HostKey
            FROM dbo.Host
            WHERE OSVendor IS NOT NULL
        ) AS instevidence
        JOIN #WMIEvidence evidence
            ON instevidence.ClassName = evidence.ClassName
                AND instevidence.PropertyName = evidence.PropertyName
                AND instevidence.PropertyValue = evidence.PropertyValue
 
        -- do not add tracing here, because SourcetoTarget Readers transfer the last SQL query to the FNMP database.   
        ]]>
</Reader>

 

How do I know it works?

  • Run the Compliance Reader

  • Check the database and run the sql query below on the FNMP database against the compliance connection

ImportedWMIEvidence query:
SELECT
    *
FROM
    ImportedWMIEvidence
WHERE
    ComplianceConnectionID = <COMPLIANCE_CONNECTION_HERE>
    AND ClassName = 'ADDM_OperatingSystem'
 
  • When installed right, it should populate values in that table with a ClassName of 'ADDM_OperatingSystem'

 

SMS (SCCM)

Notes

  • Follow these steps if you have an existing CustomInventory SMS reader
  • Modifications will need to be done in the following directories:
    • Reader - C:\ProgramData\Flexera Software\Compliance\ImportProcedures\CustomInventory\Reader\SMS
    • Writer - C:\ProgramData\Flexera Software\Compliance\ImportProcedures\Inventory\Writer
  • As there are too many changes between 2019 R2 - 2020 for SMS WMIEvidence.xml, we will be replacing the entire reader file.
  • We will also make minor changes to the Writer WMIEvidence.xml file

 

Reader - WMIEvidence.xml

  • In the SMS Reader directory (C:\ProgramData\Flexera Software\Compliance\ImportProcedures\CustomInventory\Reader\SMS), you can replace the existing file with the one below. WARNING: If you have custom changes to the files, you will have to manually re-merge them after
    • WMIEvidence.xml

 

Writer - WMIEvidence.xml

  • We will be doing minor code changes to the Writer - WMIEvidence.xml file. You can find the file inside the C:\ProgramData\Flexera Software\Compliance\ImportProcedures\Inventory\Writer directory
  • There is an existing element code block  (Order 810: CalculateInstalledWMIEvidence). It will need to be replaced with the code block below.
Order 810: CalculateIntalledWMIEvidence - New:
<Writer xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
        Name="CalculateInstalledWMIEvidence"
        Order="810"
        Retries="1">
 
    --INSERT INTO dbo.InstalledWMIEvidence(WMIEvidenceID, ComplianceComputerID)
    -- Find the records that do not exist in InstalledInstallerEvidence
     
    CREATE TABLE #InstalledWMIEvidenceComputerMap (
        WMIEvidenceID           int,
        ComplianceComputerID    int,
        AccessModeID            int,
        InstanceName            nvarchar(256) COLLATE database_default NOT NULL,
    )
     
    INSERT #InstalledWMIEvidenceComputerMap(WMIEvidenceID, ComplianceComputerID, AccessModeID, InstanceName)
    SELECT DISTINCT
        EvidenceRuleMap.EvidenceRuleID,
        cc.ComplianceComputerID,
        1 AS AccessModeID, -- Local access mode
        ISNULL(iiwe.InstanceName, '')
    FROM dbo.ImportedInstalledWMIEvidence AS iiwe
    INNER JOIN dbo.TableComplianceConnectionFilter(@SourceConnectionName) AS conn ON conn.ComplianceConnectionID = iiwe.ComplianceConnectionID
    INNER JOIN
        (
            SELECT ComplianceConnectionID, ComplianceComputerID, ExternalID, ROW_NUMBER() OVER (PARTITION BY ComplianceConnectionID, ComplianceComputerID ORDER BY InventoryDate DESC) AS RowNum FROM dbo.ImportedComputer
        ) AS ic
        ON ic.ExternalID = iiwe.ExternalComputerID
        AND ic.ComplianceConnectionID = iiwe.ComplianceConnectionID
        AND ic.RowNum = 1
    INNER JOIN dbo.ComplianceComputer AS cc
        ON cc.ComplianceComputerID = ic.ComplianceComputerID
    INNER JOIN dbo.ImportedWMIEvidenceRuleMapping AS EvidenceRuleMap
        ON EvidenceRuleMap.ExternalEvidenceID = iiwe.ExternalEvidenceID
        AND EvidenceRuleMap.ComplianceConnectionID = iiwe.ComplianceConnectionID
         
    -- Create index after the insert for performance
    CREATE INDEX IX_InstalledWMIEvidenceComputerMap ON #InstalledWMIEvidenceComputerMap (WMIEvidenceID, ComplianceComputerID, InstanceName)
</Writer>

 

How do I know it works?

  • Run the Compliance Reader

  • Check the database and run the sql query below on the FNMP database against the compliance connection

ImportedWMIEvidence query 
SELECT
    *
FROM
    ImportedWMIEvidence
WHERE
    ComplianceConnectionID = <COMPLIANCE_CONNECTION_HERE>
    AND ClassName = 'Win32_OperatingSystem'
 
  • When installed right, it should populate values in that table with a ClassName of 'Win32_OperatingSystem'

 

ManageSoft

Notes

  • Follow these steps if you have an existing CustomInventory ManageSoft reader
  • Modifications will need to be done in the following directories:
    • Reader - C:\ProgramData\Flexera Software\Compliance\ImportProcedures\CustomInventory\Reader\ManageSoft
  • Only 1 Compliance Reader file needs to be changed. It is:
    • ManageSoft WMIEvidence.xml
  • Only 1 element code block needs to be replaced
  • There is an existing element code block  (Order 1120: Include additional WMI Evidence). It will need to be replaced with the code block below.
Order 1120: Include additional WMI Evidence 
 
            xsi:type="ExecuteOnSource"
            Name="Include additional WMI Evidence"
            Order="1120"
            Retries="1">
        DECLARE
        @SuperClassName nvarchar(256),
        @ClassName nvarchar(50),
        @SQLServiceClassName nvarchar(50),
        @MSSQLServerClassName nvarchar(50)
 
        SET @SuperClassName = 'CIM_OperatingSystem'
        SET @ClassName = 'MGS_Application'
        SET @SQLServiceClassName = 'MGS_SqlService'
        SET @MSSQLServerClassName = 'MSSQL_SQLServer'
 
 
        DECLARE
        @SuperClassID int,
        @ClassID int,
        @SQLServiceClassID int,
        @MSSQLServerClassID int
 
        SET @SuperClassID = (SELECT hc.HardwareClassID FROM dbo.HardwareClass AS hc WHERE hc.Class = @SuperClassName)
        SET @ClassID = (SELECT hc.HardwareClassID FROM dbo.HardwareClass AS hc WHERE hc.Class = @ClassName)
        SET @SQLServiceClassID = (SELECT hc.HardwareClassID FROM dbo.HardwareClass AS hc WHERE hc.Class = @SQLServiceClassName)
        SET @MSSQLServerClassID = (SELECT hc.HardwareClassID FROM dbo.HardwareClass AS hc WHERE hc.Class = @MSSQLServerClassName)
 
        INSERT #MGSFTWMIEvidence    (ClassName, PropertyName, PropertyValue)
        SELECT DISTINCT
        LEFT(rtrim(ltrim(hc.Class)), 50) AS ClassName,
        LEFT(rtrim(ltrim(hp.[Property])), 50) AS PropertyName,
        LEFT(rtrim(ltrim(hv.[Value])), 256) AS PropertyValue
        FROM dbo.HardwareValue AS hv WITH(NOLOCK)
        JOIN dbo.HardwareProperty hp WITH(NOLOCK) ON hp.HardwarePropertyID = hv.HardwarePropertyID
        JOIN dbo.HardwareObject ho WITH(NOLOCK) ON ho.HardwareObjectID = hv.HardwareObjectID
        JOIN dbo.HardwareClass hc WITH(NOLOCK) ON hc.HardwareClassID = ho.HardwareClassID
        WHERE (
        (
        (hc.HardwareClassID = @SuperClassID OR hc.SuperClassID = @SuperClassID)
        )
        OR
        (hc.HardwareClassID IN (@ClassID, @SQLServiceClassID, @MSSQLServerClassID))
        )
        AND (hv.[Value] IS NOT NULL)
        AND NOT EXISTS
        (
        SELECT 1 FROM #MGSFTWMIEvidence e
        WHERE e.ClassName = LEFT(ltrim(rtrim(hc.Class)), 50)
        AND e.PropertyName = LEFT(ltrim(rtrim(hp.[Property])), 50)
        AND e.PropertyValue = LEFT(ltrim(rtrim(hv.[Value])), 256)
        )
        OPTION (MAXDOP 1)
 
        PRINT N'Found additional ' + CONVERT(NVARCHAR(1000), @@ROWCOUNT) + N' WMI Evidence records in source database'
    </Reader>

 

How do I know it works?

  • Run the Compliance Reader

  • Check the database and run the sql query below on the FNMP database against the compliance connection

SELECT
    *
FROM
    ImportedWMIEvidence
WHERE
    ComplianceConnectionID = <COMPLIANCE_CONNECTION_HERE>
    AND ClassName = 'Win32_OperatingSystem'
    -- Check for high fidelity data
    AND PropertyName NOT IN ('Name', 'Caption')
  • When installed right, the above query will return data

 

 

on ‎Jan 12, 2021 05:40 AM - edited on ‎Oct 23, 2022 10:27 PM by Community Manager Community Manager

Labels:
Custom Inventory for SCCM.7z
CustomInventory for FNMP.7z
CustomInventory for BMC.7z
Was this article helpful? Yes No
No ratings
Version history
Last update:
‎Oct 23, 2022 10:27 PM
Updated by:
Community Manager Community Manager