Identity Finder Audit - Windows Vista/7/8 - superseded

Versioning - This is an older version.

1 | IDF - Identity Finder Audit - Win7 | 11/29/2012 10:29:56 AM
2 | Identity Finder Audit - Windows Vista/7/8 | 6/26/2013 2:19:36 PM
3 | Identity Finder Audit - Windows Vista/7/8 | 10/7/2013 8:34:58 AM
4 | IDF - Identity Finder Audit - Windows Vista/7/8 | 7/1/2014 10:58:38 AM

Description

This analysis audits the version of Identity Finder installed on a Windows system. It also looks for Identity Finder log files on the system, determines when the last scan took place, and determines whether the last scan was within the past 30 days. If there are no logs on the system from the current or previous calendar month, the properties return "No Recent Logs", which could mean that there are no logs whatsoever (typical in the case of a new installation).

Old Name: IDF - Identity Finder Audit - Win7

http://bigfix.me/cdb/analysis/48


Property Details

ID: 2994539
Status: Beta - Preliminary testing ready for more
Title: Identity Finder Audit - Windows Vista/7/8
Domain: BESC
Keywords: IDF, Identity Finder, Windows
Added on 6/26/2013 2:19:36 PM
Last Modified on 6/26/2013 2:19:36 PM
Counters: 2970 Views / 2 Downloads

Properties

Identity Finder Version
Period 1 day
 
  * Results in a "string"/number
if exists keys whose (exists value "DisplayVersion" of it AND exists value "DisplayName" whose (it as string contains "Identity Finder") of it) of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry then ((value "DisplayVersion" of it) as string) of keys whose (exists value "DisplayVersion" of it AND exists value "DisplayName" whose (it as string contains "Identity Finder") of it) of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry else "NOT INSTALLED"
Identity Finder Last run on? (Windows 7/Vista)
Period 1 day
 
  * Results in a true/false
if (exists folder "C:\Users\" AND exists folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\" AND exists files whose (name of it ends with ".log" AND name of it starts with "IDF_") of folders "AppData\Local\Identity Finder\logs" of folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\") then (maximum of creation times of files whose (name of it ends with ".log" AND name of it starts with "IDF_" AND creation time of it = maximum of creation times of files of parent folder of it) of folders "AppData\Local\Identity Finder\logs" of folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\") as string else "No IDF Logs"
Identity Finder Last run in 30 days? (Windows 7/Vista)
Period 1 day
 
  * Results in a true/false
if (exists folder "C:\Users\" AND exists folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\" AND exists files whose (name of it ends with ".log" AND name of it starts with "IDF_") of folders "AppData\Local\Identity Finder\logs" of folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\") then (30*day > (now - maximum of creation times of files whose (name of it ends with ".log" AND name of it starts with "IDF_" AND creation time of it = maximum of creation times of files of parent folder of it) of folders "AppData\Local\Identity Finder\logs" of folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\")) as string else "No Recent Logs"
Identity Matches in latest log file? (Windows 7/Vista)
Period 1 day
 
  * Results in a "string"/number
if (exists folder "C:\Users\" AND exists folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\" AND exists file whose (name of it ends with ".log" AND name of it starts with "IDF_" AND creation time of it = maximum of creation times of files of parent folder of it) of folders "AppData\Local\Identity Finder\logs" of folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\") then if (exists (line whose (it contains "Total Identity Matches: ") of files whose (name of it ends with ".log" AND name of it starts with "IDF_" AND creation time of it = (maximum of creation times of files whose (name of it ends with ".log" AND name of it starts with "IDF_" AND creation time of it = maximum of creation times of files of parent folder of it) of folders "AppData\Local\Identity Finder\logs" of folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\")) of folders "AppData\Local\Identity Finder\logs" of folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\")) then following text of last "Total Identity Matches: " of (line whose (it contains "Total Identity Matches: ") of files whose (name of it ends with ".log" AND name of it starts with "IDF_" AND creation time of it = (maximum of creation times of files whose (name of it ends with ".log" AND name of it starts with "IDF_" AND creation time of it = maximum of creation times of files of parent folder of it) of folders "AppData\Local\Identity Finder\logs" of folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\")) of folders "AppData\Local\Identity Finder\logs" of folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\") as string else "Incomplete Log File" else "No Log Files"
Number of Log Files (Windows 7/Vista)
Period 1 day
 
  * Results in a "string"/number
if(exists folder "C:\Users\" AND exists folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\") then number of files whose (name of it ends with ".log" AND name of it starts with "IDF_") of folders "AppData\Local\Identity Finder\logs" of folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\" as string else "No log folders"
IDF Service Running?
Period 1 day
 
  * Results in a "string"/number
exists running service "IDFEndpointService"
defaultTag
Period 1 day
 
  * Results in a "string"/number
value "defaultTag" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Identity Finder\Endpoint Service" of registry
endpointId
Period 1 day
 
  * Results in a "string"/number
value "endpointId" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Identity Finder\Endpoint Service" of registry
ERROR: Server Connection ?
Period 1 day
 
  * Results in a "string"/number
exists line whose (it contains "Identity Finder is configured to communicate with the Enterprise Console but the server specified in the serverUrl setting cannot be contacted (The server name could not be resolved):") of file whose (name of it ends with ".log" AND name of it starts with "IDF_" AND creation time of it = (maximum of creation times of files whose (name of it ends with ".log" AND name of it starts with "IDF_" AND creation time of it = maximum of creation times of files of parent folder of it) of folders "AppData\Local\Identity Finder\logs" of folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\")) of folders "AppData\Local\Identity Finder\logs" of folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\"
IDF Log Folders?
Period 1 day
 
  * Results in a "string"/number
exists folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\" as string

Relevance

isWindows (Relevance 1172)
Used in 1152 fixlets and 540 analyses   * Results in a true/false
windows of operating system
Used in 3 analyses   * Results in a true/false
(it = "Win8" OR it = "Win7" OR it = "WinVista") of name of operating system
