IDF - Identity Finder Audit - Universal BETA - superseded

Versioning - This is an older version.

1 | IDF - Identity Finder Audit - Universal BETA | 5/13/2015 2:48:37 PM
2 | IDF - Identity Finder Audit - Universal BETA | 5/14/2015 8:27:47 AM
3 | IDF - Identity Finder Audit - Universal BETA | 5/14/2015 8:29:35 AM
4 | IDF - Identity Finder Audit - Universal BETA | 5/14/2015 12:38:53 PM
5 | IDF - Identity Finder Audit - Universal BETA | 5/14/2015 12:40:05 PM

Description

This is a work in progress

Property Details

ID: 2994806
Status: Alpha - Code that was just developed
Title: IDF - Identity Finder Audit - Universal BETA
Domain: BESC
Added by on 5/14/2015 8:29:35 AM
Last Modified by on 5/14/2015 8:29:35 AM
Counters: 3101 Views / 1 Download

Properties

IDF Version
Period 6 hours
 
if (windows of operating system) then unique values of ( (it as string as version) of values "DisplayVersion" of keys whose (exists value "DisplayName" whose (it as string as lowercase contains "identity finder") of it) of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of (x64 registries;x32 registries) ) else (versions of applications "Identity Finder.app")
defaultTag (Windows Only)
Period 12 hours
 
unique values of (it as string as trimmed string) of values "defaultTag" of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Identity Finder\Endpoint Service" of (x64 registries;x32 registries)
Program Folder
Period 12 hours
 
if (windows of operating system) then ( folders ( (it as string as trimmed string) of values "InstallLocation" of keys whose(value "DisplayName" of it as string as lowercase contains "identity finder") of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of (x64 registries;x32 registries) ) ) else (folders "/Library/Application Support/Identity Finder")
Log Folders
Period 12 hours
 
( (folders of folders "Logs" of folders of folders "/Users/Shared/.identityfinder/Application/"); (folders "Library/Application Support/Identity Finder/Identity Finder Mac Edition/logs" of folders of folders "/Users"); ( ( (folders "ProgramData\Identity Finder\Logs\SystemSearch" of it); (folders "AppData\Local\Identity Finder\logs" of folders of folders "Users" of it) ) of folders "C:" ) )
# of Log Files
Period 12 hours
 
number of files whose (name of it ends with ".log" AND name of it starts with "IDF_") of ( (folders of folders "Logs" of folders of folders "/Users/Shared/.identityfinder/Application/"); (folders "Library/Application Support/Identity Finder/Identity Finder Mac Edition/logs" of folders of folders "/Users"); ( ( (folders "ProgramData\Identity Finder\Logs\SystemSearch" of it); (folders "AppData\Local\Identity Finder\logs" of folders of folders "Users" of it) ) of folders "C:" ) )
# of Successful Scans
Period 12 hours
 
number of files whose (name of it ends with ".log" AND name of it starts with "IDF_" AND exists lines whose(it ends with /* Search Completed */ "%00S%00e%00a%00r%00c%00h%00 %00C%00o%00m%00p%00l%00e%00t%00e%00d%00") of it) of ( (folders of folders "Logs" of folders of folders "/Users/Shared/.identityfinder/Application/"); (folders "Library/Application Support/Identity Finder/Identity Finder Mac Edition/logs" of folders of folders "/Users"); ( ( (folders "ProgramData\Identity Finder\Logs\SystemSearch" of it); (folders "AppData\Local\Identity Finder\logs" of folders of folders "Users" of it) ) of folders "C:" ) )
Creation Date of most recent log file
Period 6 hours
 
maxima of creation times of files whose (name of it ends with ".log" AND name of it starts with "IDF_") of ( (folders of folders "Logs" of folders of folders "/Users/Shared/.identityfinder/Application/"); (folders "Library/Application Support/Identity Finder/Identity Finder Mac Edition/logs" of folders of folders "/Users"); ( ( (folders "ProgramData\Identity Finder\Logs\SystemSearch" of it); (folders "AppData\Local\Identity Finder\logs" of folders of folders "Users" of it) ) of folders "C:" ) )
IDF run in the past 30 days?
Period 30 minutes
 
exists (now - it) whose(it < 30*day) of maxima of creation times of files whose (name of it ends with ".log" AND name of it starts with "IDF_") of ( (folders of folders "Logs" of folders of folders "/Users/Shared/.identityfinder/Application/"); (folders "Library/Application Support/Identity Finder/Identity Finder Mac Edition/logs" of folders of folders "/Users"); ( ( (folders "ProgramData\Identity Finder\Logs\SystemSearch" of it); (folders "AppData\Local\Identity Finder\logs" of folders of folders "Users" of it) ) of folders "C:" ) )

Relevance

IDF exists (Mac or Windows) (Relevance 3002319)
Used in 5 analyses
(exists ( (folders "/Library/Application Support/Identity Finder");(folders of folders "Logs" of folders of folders "/Users/Shared/.identityfinder/Application/"); (folders "Library/Application Support/Identity Finder/Identity Finder Mac Edition/logs" of folders of folders "/Users"); ( ( (folders "ProgramData\Identity Finder\Logs\SystemSearch" of it); (folders "AppData\Local\Identity Finder\logs" of folders of folders "Users" of it) ) of folders "C:\" ) ) ) OR ( if (windows of operating system) then (exists service "IDFEndpointService") OR (exists keys "HKEY_LOCAL_MACHINE\SOFTWARE\Identity Finder" of registries) OR (exists keys "HKEY_LOCAL_MACHINE\SOFTWARE\Identity Finder_UPGBK" of (x64 registries;x32 registries)) OR (exists keys whose (exists value "DisplayName" whose (it as string as lowercase contains "identity finder") of it) of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of (x64 registries;x32 registries)) else FALSE )
Used in 5 analyses
(windows of operating system) OR (mac of operating system)
