Cb Protection - Agent Details
Log In or Register to download the BES file, and more.

0 Votes

Description

This analysis returns details of the Carbon Black Protection Agent including:

  • Version
  • Install Date
  • Service State
  • Host Group
  • Backend Server
  • Current Level of Enforcement
  • Unique Files
  • Tamper Protection Status

Note: The 'Current Level of Enforcement', 'Unique Files', and 'Tamper Protection Status' properties require that the 'Collect Carbon Black Enterprise Protection Agent DasCLI status' task be run before they are able to return data.


Property Details

ID2998401
StatusProduction - Fully Tested and Ready for Production
TitleCb Protection - Agent Details
DomainBESC
KeywordsIBM BigFix & Carbon Black Integration Content
Added by on 9/16/2016 11:50:51 AM
Last Modified by on 9/28/2016 1:11:53 PM
Counters 4200 Views / 145 Downloads
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 1 rating. ** Log In or Register to add your rating.

Properties

Version
Period 1 hour
 
  * Results in a true/false
Show indented relevance
version of service whose (display name of it = "Bit9 Agent") as string | "n/a"
Install Date
Period 1 hour
 
  * Results in a true/false
Show indented relevance
(value "InstallDate" of keys whose (value "DisplayName" of it = "Bit9 Agent") of key "HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall" of registry as string) | "n/a"
Service State
Period Every Report
 
  * Results in a true/false
Show indented relevance
state of service whose (display name of it = "Bit9 Agent") | "n/a"
Host Group
Period 1 hour
 
  * Results in a true/false
Show indented relevance
value "B9_HOSTGROUP" of key "HKLM\Software\Bit9\Parity Agent\ServerSettings" of registry as string | "n/a"
Backend Server
Period 1 hour
 
  * Results in a true/false
Show indented relevance
(value "B9_SERVER_IP" of it as string & ":" & value "B9_SERVER_PORT" of it as string) of key "HKLM\Software\Bit9\Parity Agent\ServerSettings" of registry | "n/a"
Current Level of Enforcement
Period 1 hour
 
  * Results in a true/false
Show indented relevance
if (exists file "bit9_dasclistatus.txt" of storage folder of client) then (following text of first ":" of lines whose (it as string contains "Current" AND previous line of it as string contains "Enforcement Information") of file "bit9_dasclistatus.txt" of (storage folder of client) as trimmed string) else "n/a"
Unique Files
Period 1 hour
 
  * Results in a true/false
Show indented relevance
if (exists file "bit9_dasclistatus.txt" of storage folder of client) then (preceding text of first " " of (following text of first ":" of lines whose (it as string contains "Unique Files") of file "bit9_dasclistatus.txt" of (storage folder of client) as trimmed string)) else "n/a"
Tamper Protection Status
Period 1 hour
 
  * Results in a true/false
Show indented relevance
if (exists file "bit9_dasclistatus.txt" of storage folder of client) then (following text of first ":" of lines whose (it as string contains "Tamper Protection") of file "bit9_dasclistatus.txt" of (storage folder of client) as trimmed string) else "n/a"

Relevance

isWindows (Relevance 1172)
Used in 1111 fixlets and 524 analyses   * Results in a true/false
Show indented relevance
windows of operating system
Used in 73 fixlets and 6 analyses   * Results in a true/false
Show indented relevance
version of client >= "9.0"
Used in 1 fixlet and 1 analsis   * Results in a true/false
Show indented relevance
(exists keys whose (value "DisplayName" of it = "Bit9 Agent") of key "HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall" of registry) OR (((value "DisplayVersion" of keys whose (value "DisplayName" of it = "Bit9 Agent") of key "HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall" of registry) as string as version | ("0.0" as version)) = ("7.2.2" as version))

Sharing

Social Media:
Share this page on Yammer

Comments

Log In or Register to leave comments!