What are patterns?
Pattern structure
A pattern contains the following nodes:
| Node | Mandatory | Description |
|---|---|---|
| <Version> | Yes | A version string for the pattern. |
| <PatternID> | Yes | A unique string for each pattern. |
| <AlternativePattern> | Yes | A pattern that will be used instead of that one (e.g. used for PowerShell). |
| <ProcessType> | Yes | Describes which type of execution will be proceed by the Discovery-Tool to collect information. All possible process types are listed down below on this page. |
| <PatternType> | Yes | Describes for which type of Discovery-Object the pattern is responsible. All possible pattern types are listed down below on this page. |
| <OrderNr> | Yes | You can have multiple patterns for one Discovery-Object, and here you specify their order. The order number is used to set in which order the Pattern is executed. (For example you can see in the pattern folder 3 Pattern for Linux Network Interface) |
| <Command> | No | Contains the Command that will be executed on the Remote-System. The command depends on the process type. |
| <Processing> | Yes | Contains the C# SourceCode to processing result data to Discovery-Objects. |
| <IgnoreCommandCache> | No | By default, a command result will be stored in the cache and the result of the same command will be read from the cache. If set to true, the CommandProvider will ignore the cache. The cache is just persistent for a scan session. |
| <RegValue> | No | The Registry Variable that would be read in combination with the Command used by WMIRegValue. |
| <ApplicationName> | No | The name of the application that is used to collect extended information for. |
| <ContextName> | No | Optional SNMP Walk context name. |
| <WMINamespace> | No | Define an alternative WMI Namespace for the initial command. |
Pattern process types
There are several different types of processes that might be executed when a pattern is run.| Type | Example command | Command result type | Description |
|---|---|---|---|
| SSHExecute | ifconfig -a | String | Executes a SSH Command on a connected Remote Unix System |
| WMIQuery | SELECT * FROM Win32_OperatingSystem | ManagementObjectCollection | Executes a WMI Query on a connected Remote Windows System |
| WMIExecute | netstat -an | String | Executes a Command on a connected Remote Windows System |
| WMIRegValue | <![CDATA[ | The result object can any type of a registry value | By WMIRegValue the Command contains the Registry Path and reads the Value described in the <RegValue> Node of the Pattern. The "Root" is set by default to "HKEY_LOCAL_MACHINE\" and should not included in the command. The Result is an object containing all Variations of an Registry Variable. |
| WMIRegValueList | <![CDATA[ | List<string> | By WMIRegValueList the Command contains the Registry Path and returning the "subKeys" of the Registry Path. The "Root" is set by default to "HKEY_LOCAL_MACHINE\" and should not included in the command. |
| PowerShellExecute | Get-WmiObject win32_computersystem | String | Executes a PowerShell-Command on a connected Remote Windows System |
SNMP_GET | 1.3.6.1.4.1.2021.4.5.0;1.3.6.1.4.1.2021.4.6.0 | ExtendedInformation is an object with two attributes: | Executes a SNMP GET Command for the given MIB's. Returning a List of ExtendedInformation, a ExtendedInformation containing the Name (the MIB) and the Value of the MIB. |
| SNMP_WALK | 1.3.6.1.2.1.2.2.1.2;1.3.6.1.2.1.4.20.1.2 | ExtendedInformation is an object with two attributes: | Executes a SNMP WALK Command for the given MIB's. Returning a List of ExtendedInformation, a ExtendedInformation containing the Name (the MIB) and the Value of the MIB. |
Command result types
Starting with Discovery v.3, every pattern process type has a command result implementation.
| Process type | Command result type |
|---|---|
| WMIQuery | WMIQueryResult |
| WMIRegValue | WMIRegValueResult |
| WMIRegValueList | WMIRegValueListResult |
| WMIExecute | WMIExecuteResult |
| PowerShellExecute | PowerShellExecuteResult |
| SSHExecute | SSHExecuteResult |
| SNMP_GET | SNMPExecuteResult |
| SNMP_WALK | SNMPExecuteResult |
| VIMObject | VIMCommandResult |
Pattern types
Pattern types define which types of Discovery-Object are returned as results from processing.
The result of Discovery-Objects will be merged. For example in the Discovery/pattern folder you can see multiple HostInfo pattern, they are all collecting partial results of a host and the Discovery-Tool merging the Attributes together.
| Type | Example pattern (included) | Description |
|---|---|---|
| Host | Linux_Hostinfo_Hostname.pat Windows_Hostinfo_Hostname_Model.pat | Processing collected data for a Host. The pattern function (PerformAction) processing a HostInfo-Object. |
| Deviceinfo | SNMP_Deviceinfo_Default.pat | Processing collected data for a Host or a Device. The pattern function (PerformAction) processing a DeviceInfo-Object. |
| Network | Linux_NetworkInterfaces.pat Windows_NetworkInterfaces.pat | Processing collected data for NetworkInterfaces. The pattern function (PerformAction) processing the NetworkInterface-Objects of the parent system. |
| CPU | Linux_CPUs.pat Windows_CPUs.pat | Processing collected data for CPUs. The pattern function (PerformAction) processing the CPUInfo-Objects of the parent system. |
| OS | Linux_OS.pat Windows_OS.pat | Processing collected data for OS. The pattern function (PerformAction) processing the OSInfo-Objects of the parent system. |
| FileSystem | Linux_FileSystem.pat Windows_FileSystem.pat | Processing collected data for FileSystems. The pattern function (PerformAction) processing the FileSystemInfo-Objects of the parent system. |
| Application | Linux_Application_RPM.pat Windows_Application_Product.pat | Processing collected data for Applications. The pattern function (PerformAction) returning a list of ApplicationInfo-Objectsof the parent system. |
| Patch | Windows_Patches.pat | Processing collected data for Patches. The pattern function (PerformAction) processing the PatchInfo-Objects of the parent system. |
| ApplicationService | Windows_ApplicationServices.pat | Processing collected data for ApplicationServices. The pattern function (PerformAction) processing the ApplicationServiceInfo-Objects of the parent system. |
| OSProductKey | Windows_ProductKey.pat | Processing collected data for License. The pattern function (PerformAction) processing the License for the Operating-System |
| ApplicationProductKey | Example: Application Product Key | Processing collected data for License. The pattern function (PerformAction) processing the License for the Applications of the parent system. |
| User | Linux_User.pat Windows_User.pat | Processing collected data for User. The pattern function (PerformAction) processing the User of the parent system. |
| Group | Linux_Group.pat Windows_Group.pat | Processing collected data for Groups. The pattern function (PerformAction) processing the Groups of the parent system. |
| ConnectedPeripherie | Windows_Peripherie_USB_Storage.pat | Processing collected data for Extended Informations. The pattern function (PerformAction) processing the ExtendedInformation-Objects of the parent system. |
| SNMPExtendedValues | SNMP_Deviceinfo_ExtExampleRAM.pat | Processing collected data for Extended Informations. The pattern function (PerformAction) processing the ExtendedInformation-Objects of the parent system. |
| ConnectedPeripherie | Windows_Peripherie_USB_Storage.pat | Processing collected data for Connected Devices of the parent system. |
| HostinfoList | Windows_VBox_VMs.pat Linux_VBox_VMs.pat | Processing collected data for a lis of Virtual Guests The patten function (PerformAction) processing the Host-Objects (like virtual guest machines) of the parent system. |
| PostProcessing | Post Processing pattern will be executed after all the pattern types and can be used to add or modify host/device information The pattern function (PerformAction) returning a HostInfo- or a DeviceInfo-Object. |