Create custom patterns

What are patterns?

On this page

Related content

  • No related content found

Still need help?

The Atlassian Community is here for you.

Ask the community

You can create your own custom patterns and edit or disable patterns. You can't modify the default pattern, you can just create a custom pattern as a copy of the existing one. You can modify the custom pattern after saving it.

Create a custom pattern

To create a custom pattern, run Discovery (use the command Discovery.exe -s), and go to the Pattern tab. Then:

  • To create a new pattern, select Create pattern. You'll see the Pattern Editor view in a creation mode with some predefined data.
  • To import a pattern from an existing *.pat file, select Import pattern from file and select the file you need.

Create pattern view

  • To create a pattern from an existing pattern, find the pattern you need. Then, next to the pattern name, select Copy . You'll see the Pattern Editor view with predefined data and modified Pattern name and ID.

Create pattern from another pattern view

Pattern Editor view

Below, you can see more information about the Pattern Editor view.

Property

Description

Required

Possible values

Name

The name that will be displayed on UI and in logs. Should be unique.

Yes

Any text value.

(info) The SSH pattern name should start from the name of OS that should be scanned. For example: Linux_ , MacOS_, Solaris_, IBM_, Solaris_.

Version

The pattern version in semantic format X.Y.Z (X.Y.Z.W). The version is displayed in logs and helps to identify what exact version of the pattern was executed.

Yes

Version in format X.Y.Z

ID

The pattern's unique ID. It allows to identify patterns while running scan.

Yes

Any text value

Alternative pattern

The pattern that will be executed if current pattern can't be processed. For example, if a PowerShell pattern can't be executed, you can run another pattern by using WMI.

No

Pattern name selected from the list of available patterns

Order Number

The order number determines the execution sequence of similar patterns. For example, if you have two patterns that set hostinfo.Hostname, the pattern with the higher order number will be executed last, and the Hostname will be set by the last executed pattern. The order number also allows for the extension of the Discovery object created by the pattern with the lower order number.

Yes

Numeric value - 1, 2, 3...

Process Type

Identifies the processing type for the command specified in the Command field. For example, WMIQuery will attempt to execute the command as a WMI query, while SNMP_GET will retrieve the values for the selected OIDs.

Yes


WMIQuery
WMIRegValue
WMIRegValueList
WMIExecute
PowerShellExecute
SSHExecute
SNMP_GET
SNMP_WALK
VIMObject


Pattern Type

Identifies the object that will be received as a parameter in the C# code defined in the Processing field.

The parameters[2] will contain the selected object, allowing it to be extended in the current pattern. For example, if a HostInfo object was created in the Windows_Hostinfo_Hostname_Model pattern and you want to set or customize some properties of this object in your custom pattern, you need to:

  1. Select Host from the list.

  2. Cast the object in the pattern code:

    HostInfo hostInfo = (HostInfo)parameters[2];

  3. Set the desired property:

    hostInfo.Model = "Test model"; ```"


If the selected object properties doesn’t fit your needs, you can extend the object information.

Yes




Host
Network
CPU
OS
FileSystem
Application
Patch
ApplicationService
Process
OSProductKey
ApplicationProductKey
ConnectedPeripherie
HostList
VirtualGuest
StorageDevice
Device
User
Group
PostProcessing


 


Command

Command executed on the remote machine. The command execution depends on selected Process type.

No

Any command that can be executed remotely for the specified type

Processing

C# code used to process data received as output from command execution on a remote machine.

The code in the fields will be automatically compiled and checked for errors upon saving. You won't be able to save a pattern if the code can't be executed during a scan.

Yes

C# code.

More about the code requirements  

Pattern processing

The PerformAction method (public void PerformAction(object[] parameters) {}) in the Processing field is mandatory and the Discovery-Tool invokes it with an object array that includes the following three objects:

ParameterObject typeDescription
parameters[0]Command ResultContaining the result of the initial pattern command.
parameters[1]

IProvider

Containing the executing Provider-Class that is connected to the discovering system.

This provider will be used in the pattern to execute other commands if required.

parameters[2]object

Containing the HostInfo-/Device-Object that is initial created on the start of the scan.

public void PerformAction(object[] parameters)
{
  HostInfo hostInfo = (HostInfo)parameters[2];
  try
{

You can use next scan objects and properties to add scan data.

We recommend that you develop and test a new pattern in a non-production environment and set up a connection to the Host or Device that returns the result data you want to handle with from Discovery. 

Then, disable all patterns excluding the main HostInfo Pattern, such as Linux_Hostinfo_Hostname, Windows_Hostinfo_Hostname_Model, or SNMP_Deviceinfo_Default. It's mandatory to have a main HostInfo object that includes the Hostname. With this setup, it's possible to quickly test a new pattern without waiting for responses from all other patterns.

To move or copy custom patterns from one Discovery host to another, you need to export and import *.pat files. You can't directly copy patterns.bpat files as it would work only on the instance where it was created.

Check out more custom pattern examples

Provider classes

For connecting to Host or Devices, there are four types of Providers used by the Discovery-Tool:

The following sections describe Providers handling the connection and execution of commands to collect data.

Inside a Pattern, you can use the actual connected Provider to execute additional commands if more information from the System is needed.

SSH-Provider

The SSH-Provider-Class is connected to a Linux System and can be used inside a Pattern:

using Insight.Discovery.ProviderClasses; // Include the ProviderClasses Namespace at the Head of the PatternCode
using Insight.Discovery.InfoClasses; // Include the InfoClasses Namespace at the Head of the PatternCode
// Casting the connected Provider out of the parameters from the PerformAction-Method
SSHProvider ssh = (SSHProvider)parameters[1];
// using the SSH-Provider to execute a command and receiving the result.
var result = (SSHExecuteResult)ssh.ExecuteCommand("hostname"); // returning the hostname of a Linux System

For example, a cast SSHProvider is used in the "Linux_Hostinfo_Hostname.pat" Pattern.

WMI-Provider

The WMI-Provider-Class is connected to a Windows System and can be used inside a Pattern:

using Insight.Discovery.ProviderClasses; // Include the ProviderClasses Namespace at the Head of the PatternCode
using Insight.Discovery.InfoClasses; // Include the InfoClasses Namespace at the Head of the PatternCode
// Casting the connected Provider out of the parameters from the PerformAction-Method
WMIProvider wmiProvider = (WMIProvider)parameters[1];
// using the WMI-Provider to read a Registry Value.
var result = (WMIRegValueResult)wmiProvider.GetRegistryValue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\<Key>", "DisplayName");
// using the WMI-Provider to get a List of all Registry-Sub-Keys.
var result = (WMIRegValueListResult)wmiProvider.GetSubKeysFromRegistry("SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\");
//using the WMI-Provider to execute a WMI query receiving the result.
var result = (WMIQueryResult)wmiProvider.ExecuteWMIQuery("netstat -an");
//using the WMI-Provider to execute a command and receiving the result.
var result = (WMIExecuteResult)wmiProvider.ExecuteWMICommand("netstat -an");


SNMP-Provider

The SNMP-Provider-Class is connected to a SNMP Device and can be used inside a Pattern:

using Insight.Discovery.ProviderClasses; // Include the ProviderClasses Namespace at the Head of the PatternCode
using Insight.Discovery.InfoClasses; // Include the InfoClasses Namespace at the Head of the PatternCode
using System.Text;

// Casting the connected Provider out of the parameters from the PerformAction-Method
SNMPProvider snmp = (SNMPProvider)parameters[1];

// (Optional) Return octet strings as HEX
snmp.OctetStringAsHex = true;

// (Optional) Set encoding for octet string (Encoding.ASCII, Encoding.UTF8, Encoding.Unicode, or Encoding.UTF32)
snmp.OctetStringEncoding = Encoding.ASCII;

// using the SNMP-Provider to execute a SNMPGet command and receiving the results
var result = (SNMPExecuteResult)snmp.ExecuteCommand("1.3.6.1.2.1.1.6.0", ScanProcessType.SNMP_GET, true);
 
// using the SNMP-Provider to execute a SNMPWalk command and receiving the results
var result = (SNMPExecuteResult)snmp.ExecuteCommand("1.3.6.1.2.1.2.2.1.2", ScanProcessType.SNMP_WALK, true);

// using the SNMP-Provider to execute a SNMPWalk command with contextName and receiving the results
var result = (SNMPExecuteResult)snmp.ExecuteCommand("1.3.6.1.2.1.2.2.1.2", ScanProcessType.SNMP_WALK, "myContext",true);


VIM-Provider

The SNMP-Provider-Class is connected to a VMWare ESXi System and can be used inside a Pattern:

using Insight.Discovery.ProviderClasses; // Include the ProviderClasses Namespace at the Head of the PatternCode
using Insight.Discovery.InfoClasses; // Include the InfoClasses Namespace at the Head of the PatternCode
 
// Casting the connected Provider out of the parameters from the PerformAction-Method
VIMProvider snmp = (SNMPProvider)parameters[1];
 
// using the VIM-Provider to execute a command and receiving the results
var result = (VIMCommandResult)snmp.ExecuteCommand("HostSystem");


Additional functions

ImportService

If you want to set a Date Attribute for a Discovery-Object like the InstallDate for an Application it must be in a specific Format ("MM/dd/yyyy").

You can use the delivered ImportService.ImportDate Method that will do the transformation for you:

using Insight.Discovery.Tools; // Include the Discovery Tools Namespace at the Head of the PatternCode
 
// using the ImportDate Method to transform the Date string of a result Object
discoveryObject.InstallDate = ImportService.Instance.ImportDate("resultDateString");
 
// The following input formats will be transformed:
// "MM/dd/yy", "M/dd/yy", "MM/dd/yyyy", "M/dd/yyyy", "MM/dd/yy", "M/d/yy", "MM/d/yyyy", "M/d/yyyy", "yyyyMMdd", "yyMMdd", "dd.MM.yy", "dd.MM.yyyy", "MMM-dd-yy", "MMM-dd-yyyy", "yyyy-MM-dd"

LogService

If you want to write entries into the Discovery Logfile you can use the delivered LogService Class.

using Insight.Discovery.Tools; // Include the Discovery Tools Namespace at the Head of the PatternCode
 
// creating a "normal" log entry
LogService.Instance.LogNormal("My normal log entry");
 
// creating a "debug" log entry with additional Exception object
try
{
	LogService.Instance.LogDebug("a debug log entry");
	// Code that could raise an exception
}
catch (Exception ex)
{
	LogService.Instance.LogError("Log of an exception", ex);
}


Custom pattern for Discovery Agent

Starting from Discovery Agents 7.1.0, you can use custom pattern for Discovery Agent scans:

  1. Create a custom pattern.
  2. Go to the Agent tab of the Discovery tool.
  3. Select Patterns transfer and select the custom pattern.
  4. Save the selection.

The Discovery tool will generate a secure agent_patterns.bpat file. During the next data collection from the connected agents, this agent_patterns.bpat file will be transferred to the Discovery Agent and securely stored using an Agent Token generated by the agent. If the file is modified on the Discovery side (if the list of patterns changes or a custom pattern is edited), it'll be re-generated and sent to the agent.

If you aren't using Discovery Agents 7.1.0 (or later) together with the Discovery tool, you can configure the custom patterns list in the following way:

  1. Create a custom pattern.

  2. In the Pattern Transfer list, select your patterns.

  3. Save the selection.

  4. Run Discovery -exportpatterns. More about Discovery commands

  5. Copy the agent_patterns.bpat file from <Discovery root folder>/pattern_export to all the agents. Discovery Agent shouldn't have AgentToken configured.

On next Discovery Agent scan run, the new pattern list will be executed.

Last modified on Jan 6, 2025

Was this helpful?

Yes
No
Provide feedback about this article

Related content

  • No related content found
Powered by Confluence and Scroll Viewport.