IDF - Identity Finder Audit - Win7 - superseded

Versioning - This is an older version.

Version | Title | Date
1 | IDF - Identity Finder Audit - Win7 | 11/29/2012 10:29:56 AM
2 | Identity Finder Audit - Windows Vista/7/8 | 6/26/2013 2:19:36 PM
3 | Identity Finder Audit - Windows Vista/7/8 | 10/7/2013 8:34:58 AM
4 | IDF - Identity Finder Audit - Windows Vista/7/8 | 7/1/2014 10:58:38 AM

Description

This Analysis audits the version of Identity Finder installed on a Windows system. It also looks for Identity Finder log files on the system and determines when the last scan took place and whether that scan was in the past 30 days. If there are no logs on the system from the current or previous calendar month, the properties return "No Recent Logs", which could mean that there are no logs whatsoever (typical in the case of a new installation).


Property Details

ID: 48
Title: IDF - Identity Finder Audit - Win7
Domain: BESC
Keywords: Identity Finder, Windows
Added by on 11/29/2012 10:29:56 AM
Last Modified by on 11/29/2012 10:29:56 AM

Properties

Identity Finder Version
Period 6 hours
  * Results in a "string"/number
if exists keys whose (exists value "DisplayVersion" of it AND exists value "DisplayName" whose (it as string contains "Identity Finder") of it) of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry then ((value "DisplayVersion" of it) as string) of keys whose (exists value "DisplayVersion" of it AND exists value "DisplayName" whose (it as string contains "Identity Finder") of it) of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry else "NOT INSTALLED"
Last run on?
Period 6 hours
if (exists folder "C:\Users\" AND exists folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\" AND exists files whose (name of it ends with ".log" AND name of it starts with "IDF_") of folders "AppData\Local\Identity Finder\logs" of folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\") then (maximum of creation times of files whose (name of it ends with ".log" AND name of it starts with "IDF_") of folders "AppData\Local\Identity Finder\logs" of folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\") as string else "No IDF Logs"
Run in last 30 days?
Period 6 hours
if (exists folder "C:\Users\" AND exists folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\" AND exists files whose (name of it ends with ".log" AND name of it starts with "IDF_") of folders "AppData\Local\Identity Finder\logs" of folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\") then (30*day > (now - maximum of creation times of files whose (name of it ends with ".log" AND name of it starts with "IDF_") of folders "AppData\Local\Identity Finder\logs" of folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\")) as string else "No Recent Logs"
Identity Matches
Period 6 hours
if (exists folder "C:\Users\" AND exists folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\" AND exists file whose (name of it ends with ".log" AND name of it starts with "IDF_" AND creation time of it = maximum of creation times of files of parent folder of it) of folders "AppData\Local\Identity Finder\logs" of folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\") then if (exists (line whose (it contains "Total Identity Matches: ") of files whose (name of it ends with ".log" AND name of it starts with "IDF_" AND creation time of it = (maximum of creation times of files whose (name of it ends with ".log" AND name of it starts with "IDF_" AND creation time of it = maximum of creation times of files of parent folder of it) of folders "AppData\Local\Identity Finder\logs" of folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\")) of folders "AppData\Local\Identity Finder\logs" of folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\")) then following text of last "Total Identity Matches: " of (line whose (it contains "Total Identity Matches: ") of files whose (name of it ends with ".log" AND name of it starts with "IDF_" AND creation time of it = (maximum of creation times of files whose (name of it ends with ".log" AND name of it starts with "IDF_" AND creation time of it = maximum of creation times of files of parent folder of it) of folders "AppData\Local\Identity Finder\logs" of folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\")) of folders "AppData\Local\Identity Finder\logs" of folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\") as string else "Incomplete Log File" else "No Log Files"
Win7 IDF Log file folder?
Period 12 hours
exists folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\" as string
ERROR: Server Connection
Period 1 day
exists line whose (it contains "Identity Finder is configured to communicate with the Enterprise Console but the server specified in the serverUrl setting cannot be contacted (The server name could not be resolved):") of file whose (name of it ends with ".log" AND name of it starts with "IDF_" AND creation time of it = (maximum of creation times of files whose (name of it ends with ".log" AND name of it starts with "IDF_" AND creation time of it = maximum of creation times of files of parent folder of it) of folders "AppData\Local\Identity Finder\logs" of folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\")) of folders "AppData\Local\Identity Finder\logs" of folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\"
Number of Log Files
Period 12 hours
if(exists folder "C:\Users\" AND exists folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\") then number of files whose (name of it ends with ".log" AND name of it starts with "IDF_") of folders "AppData\Local\Identity Finder\logs" of folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\" as string else "No log folders"
IDF Service Running?
Period 6 hours
exists running service "IDFEndpointService"
defaultTag
Period 12 hours
value "defaultTag" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Identity Finder\Endpoint Service" of registry
endpointId
Period 12 hours
value "endpointId" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Identity Finder\Endpoint Service" of registry
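
The three log-derived properties above ("Last run on?", "Run in last 30 days?" and "Identity Matches") can be reproduced offline to see how they behave on a new install, a stale scan and an interrupted scan. This is an added Python example, not part of the original analysis: it uses file modification time in place of the Windows creation time, reads only the newest IDF_*.log across all profiles, and the profile names, log contents and helper names are constructed for illustration.

```python
import os
import tempfile
import time
from pathlib import Path

LOG_SUBDIR = Path("AppData") / "Local" / "Identity Finder" / "logs"
MARKER = "Total Identity Matches: "   # string the "Identity Matches" property searches for
DAY = 86400

def idf_logs(users_root):
    """IDF_*.log files in every profile's Identity Finder log folder."""
    root = Path(users_root)
    if not root.is_dir():
        return []
    return [f for p in root.iterdir() if (p / LOG_SUBDIR).is_dir()
            for f in (p / LOG_SUBDIR).glob("IDF_*.log")]

def audit(users_root, now=None):
    """Return the three log-derived properties as strings, as the analysis does."""
    now = time.time() if now is None else now
    logs = idf_logs(users_root)
    if not logs:
        return {"last_run": "No IDF Logs", "recent": "No Recent Logs",
                "matches": "No Log Files"}
    # Assumption: modification time stands in for the creation time used on Windows.
    newest = max(logs, key=lambda f: f.stat().st_mtime)
    stamp = newest.stat().st_mtime
    matches = "Incomplete Log File"   # newest log never reached its summary line
    for line in newest.read_text(errors="replace").splitlines():
        if MARKER in line:
            matches = line.rsplit(MARKER, 1)[1].strip()
    return {"last_run": time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(stamp)),
            "recent": str(30 * DAY > now - stamp), "matches": matches}

def write_log(users_root, user, name, body, age_days, now):
    """Create a constructed sample log with a chosen age (fixture only)."""
    folder = Path(users_root) / user / LOG_SUBDIR
    folder.mkdir(parents=True, exist_ok=True)
    path = folder / name
    path.write_text(body)
    os.utime(path, (now - age_days * DAY,) * 2)
    return path

if __name__ == "__main__":
    now = time.time()
    with tempfile.TemporaryDirectory() as root:
        print(audit(root, now))   # new install: no logs at all
        write_log(root, "alice", "IDF_old.log", "scan\nTotal Identity Matches: 12\n", 45, now)
        print(audit(root, now))   # stale scan: recent is False
        write_log(root, "bob", "IDF_new.log", "scan started\n", 2, now)
        print(audit(root, now))   # interrupted scan hides the older, complete result
```

The last case is the one to watch when reporting on these properties: "Run in last 30 days?" turns True as soon as any new log file exists, even when that log has no match total.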

Relevance

Used in 1 fixlet and 1 analysis
  * Results in a true/false
((name of it = "WinVista" AND product type of it = nt workstation product type AND NOT x64 of it) OR (name of it = "WinVista" AND product type of it = nt workstation product type AND x64 of it) OR (name of it = "Win7" AND NOT x64 of it) OR (name of it = "Win7" AND x64 of it)) of operating system
