Chocolatey Audit - Windows

Versioning - This is the latest version.

1 | Chocolatey Audit - Windows | 6/4/2015 8:37:19 PM
2 | Chocolatey Audit - Windows | 6/7/2015 8:47:29 AM

Description


Property Details

ID: 2994810
Status: Alpha - Code that was just developed
Title: Chocolatey Audit - Windows
Domain: BESC
Added by on 6/7/2015 8:47:29 AM
Last Modified by on 6/7/2015 8:47:29 AM
Counters 2546 Views / 28 Downloads

Properties

Version of Chocolatey
Period 1 hour
 
  * Results in a "string"/number
unique values of versions of files "choco.exe" of ( parent folders of folders ( unique values of (substrings separated by ";" of it) whose(it as lowercase contains "choco") of unique values of (it as string as trimmed string) of values "Path" of keys "Control\Session Manager\Environment" of keys whose(name of it contains "ControlSet") of keys "HKEY_LOCAL_MACHINE\SYSTEM" of (x64 registries;x32 registries) ) ; folders ( unique values of (it as string as trimmed string) of values "ChocolateyInstall" of keys "Control\Session Manager\Environment" of keys whose(name of it contains "ControlSet") of keys "HKEY_LOCAL_MACHINE\SYSTEM" of (x64 registries;x32 registries) ) )
Path to Chocolatey
Period 1 hour
 
  * Results in a true/false
unique values of pathnames of ( parent folders of folders ( unique values of (substrings separated by ";" of it) whose(it as lowercase contains "choco") of unique values of (it as string as trimmed string) of values "Path" of keys "Control\Session Manager\Environment" of keys whose(name of it contains "ControlSet") of keys "HKEY_LOCAL_MACHINE\SYSTEM" of (x64 registries;x32 registries) ) ; folders ( unique values of (it as string as trimmed string) of values "ChocolateyInstall" of keys "Control\Session Manager\Environment" of keys whose(name of it contains "ControlSet") of keys "HKEY_LOCAL_MACHINE\SYSTEM" of (x64 registries;x32 registries) ) )
last 100 lines of chocolatey.log file
Period 12 hours
 
  * Results in a "string"/number
(item 1 of /* -> This "it" refers to the last 100 lines of the file -> */ it) whose( /* -> remove empty lines, which is why this relevance can return less than 100 lines per file -> */ it as trimmed string != "") of ( /* -> this is the number of lines of the file from the previous statement -> */ item 1 of it, (lines of /* -> the file object -> */ item 0 of it) ) /* -> This whose statement is responsible for filtering for only the last 100 lines of the file -> */ whose ( (line number of /* -> lines of the file -> */ item 1 of it) > ( /* -> number of lines of the file -> */ item 0 of it - 100 /* <- This is the number of lines to return, which is subtracted from the total # of lines <- */ ) ) of ( /* -> the parent file object itself -> */ it, number of lines of it) of files "chocolatey.log" of folders "logs" of (folder it) of unique values of pathnames of ( ( (folder it) of unique values of (it as string as trimmed string) of values "ChocolateyInstall" of keys "Control\Session Manager\Environment" of keys whose(name of it contains "ControlSet") of keys "HKEY_LOCAL_MACHINE\SYSTEM" of (x64 registries;x32 registries) );( parent folders of (folder it) of unique values of (substrings separated by ";" of it) whose(it as lowercase contains "choco") of unique values of (it as string as trimmed string) of values "Path" of keys "Control\Session Manager\Environment" of keys whose(name of it contains "ControlSet") of keys "HKEY_LOCAL_MACHINE\SYSTEM" of (x64 registries;x32 registries) ) )
Installed Software (not all)
Period 6 hours
 
  * Results in a true/false
(it as trimmed string) of unique values of ( (preceding text of first "has been installed successfully." of it | preceding text of first "was successful." of it) of (following text of first "The install of" of it | following text of first " - " of it) ) of lines whose(it contains "has been installed successfully." OR it contains "was successful.") of files "chocolatey.log" of folders "logs" of (folder it) of unique values of pathnames of ( ( (folder it) of unique values of (it as string as trimmed string) of values "ChocolateyInstall" of keys "Control\Session Manager\Environment" of keys whose(name of it contains "ControlSet") of keys "HKEY_LOCAL_MACHINE\SYSTEM" of (x64 registries;x32 registries) );( parent folders of (folder it) of unique values of (substrings separated by ";" of it) whose(it as lowercase contains "choco") of unique values of (it as string as trimmed string) of values "Path" of keys "Control\Session Manager\Environment" of keys whose(name of it contains "ControlSet") of keys "HKEY_LOCAL_MACHINE\SYSTEM" of (x64 registries;x32 registries) ) )
# of packages installed
Period 6 hours
 
  * Results in a true/false
sums of (it as trimmed string as integer) of ( (preceding text of first "packages installed." of it | preceding text of first "/" of it) of (following text of first "Chocolatey installed" of it | following text of first " - " of it) ) of lines whose(it contains "Chocolatey installed" OR it contains "packages installed.") of files "chocolatey.log" of folders "logs" of (folder it) of unique values of pathnames of ( ( (folder it) of unique values of (it as string as trimmed string) of values "ChocolateyInstall" of keys "Control\Session Manager\Environment" of keys whose(name of it contains "ControlSet") of keys "HKEY_LOCAL_MACHINE\SYSTEM" of (x64 registries;x32 registries) );( parent folders of (folder it) of unique values of (substrings separated by ";" of it) whose(it as lowercase contains "choco") of unique values of (it as string as trimmed string) of values "Path" of keys "Control\Session Manager\Environment" of keys whose(name of it contains "ControlSet") of keys "HKEY_LOCAL_MACHINE\SYSTEM" of (x64 registries;x32 registries) ) )
# of packages failed
Period 6 hours
 
  * Results in a "string"/number
sums of (it as trimmed string as integer) of (preceding text of first "package(s) failed." of following text of first "package(s)." of it) of lines whose(it contains "Chocolatey installed" AND it contains "package(s) failed." AND it contains "package(s).") of files "chocolatey.log" of folders "logs" of (folder it) of unique values of pathnames of ( ( (folder it) of unique values of (it as string as trimmed string) of values "ChocolateyInstall" of keys "Control\Session Manager\Environment" of keys whose(name of it contains "ControlSet") of keys "HKEY_LOCAL_MACHINE\SYSTEM" of (x64 registries;x32 registries) );( parent folders of (folder it) of unique values of (substrings separated by ";" of it) whose(it as lowercase contains "choco") of unique values of (it as string as trimmed string) of values "Path" of keys "Control\Session Manager\Environment" of keys whose(name of it contains "ControlSet") of keys "HKEY_LOCAL_MACHINE\SYSTEM" of (x64 registries;x32 registries) ) )
# of packages with warnings
Period 6 hours
 
  * Results in a "string"/number
sums of (it as trimmed string as integer) of (preceding text of first "package(s) had warnings." of it) of lines whose(it contains "package(s) had warnings.") of files "chocolatey.log" of folders "logs" of (folder it) of unique values of pathnames of ( ( (folder it) of unique values of (it as string as trimmed string) of values "ChocolateyInstall" of keys "Control\Session Manager\Environment" of keys whose(name of it contains "ControlSet") of keys "HKEY_LOCAL_MACHINE\SYSTEM" of (x64 registries;x32 registries) );( parent folders of (folder it) of unique values of (substrings separated by ";" of it) whose(it as lowercase contains "choco") of unique values of (it as string as trimmed string) of values "Path" of keys "Control\Session Manager\Environment" of keys whose(name of it contains "ControlSet") of keys "HKEY_LOCAL_MACHINE\SYSTEM" of (x64 registries;x32 registries) ) )
temp folders
Period 6 hours
 
  * Results in a true/false
pathnames of folders of folders "chocolatey" of (folders "Temp" of windows folders ; folders "AppData\Local\Temp" of folders of folders "C:\Users")

Relevance

isWindows (Relevance 1172)
Used in 1111 fixlets and 524 analyses
  * Results in a true/false
windows of operating system
Windows Vista or later (Relevance 2999204)
Used in 7 fixlets and 3 analyses
  * Results in a true/false
version of operating system > "5.1"
Used in 2 analyses
  * Results in a true/false
(exists folders "C:\Chocolatey") OR ( exists values "ChocolateyInstall" of keys "Control\Session Manager\Environment" of keys whose(name of it contains "ControlSet") of keys "HKEY_LOCAL_MACHINE\SYSTEM" of (x64 registries;x32 registries) ) OR ( exists (substrings separated by ";" of it) whose(it as lowercase contains "\chocolatey\") of unique values of (it as string as trimmed string) of values "Path" of keys "Control\Session Manager\Environment" of keys whose(name of it contains "ControlSet") of keys "HKEY_LOCAL_MACHINE\SYSTEM" of (x64 registries;x32 registries) )
