Commands executed by Assets Discovery
Discovery uses the following commands to collect data. More about command types and patterns
This page lists the commands executed by Discovery patterns. Discovery can run additional commands during execution, for example to format output or retrieve extra data.
Windows
| Command | Type | Pattern |
|---|---|---|
SELECT * FROM Win32_Product | WMIQuery | Windows_Application_Product.pat |
| Get-WmiObject Win32_Product | PowerShellExecute | Windows_Application_Product_PS.pat |
| SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ | WMIRegValueList | Windows_Application_Reg32.pat |
Get-ChildItem -Path 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\' | Select-Object PSChildName for each software key: Get-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{software}' | PowerShellExecute | Windows_Application_Reg32_PS.pat |
| SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ | WMIRegValueList | Windows_Application_Reg64.pat |
Get-ChildItem -Path 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\' | Select-Object PSChildName for each software key: Get-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{software}' | PowerShellExecute | Windows_Application_Reg64_PS.pat |
SELECT * FROM Win32_SoftwareFeature | WMIQuery | Windows_Application_SoftwareFeature.pat |
| Get-WmiObject Win32_SoftwareFeature | PowerShellExecute | Windows_Application_SoftwareFeature_PS.pat |
| SELECT * FROM Win32_Service | WMIQuery | Windows_ApplicationServices.pat |
| Get-WmiObject Win32_Service | PowerShellExecute | Windows_ApplicationServices_PS.pat |
| SELECT * FROM Win32_Processor | WMIQuery | Windows_CPUs.pat |
| Get-WmiObject Win32_Processor | PowerShellExecute | Windows_CPUs_PS.pat |
docker ps -a --format "{{.ID}}" for each container: docker inspect -f ""Name:{{println .Name}}" + docker stats --no-stream --format ""{{.MemUsage}}"" + $containerId | WMIQuery | Windows_Docker_Container.pat |
docker ps -a --format "{{.ID}}" for each container: docker inspect -f ""Name:{{println .Name}}" + docker stats --no-stream --format ""{{.MemUsage}}"" + $containerId | PowerShellExecute | Windows_Docker_Container_PS.pat |
SELECT * FROM Win32_LogicalDisk WHERE DriveType = 3 or DriveType = 4 SELECT * FROM Win32_LogicalDiskToPartition SELECT * FROM Win32_DiskDriveToDiskPartition for all FileSystems: SELECT * FROM Win32_DiskDrive WHERE DeviceID LIKE "%{deviceId}" | WMIQuery | Windows_FileSystem.pat |
Get-WmiObject Win32_LogicalDisk | Where-Object {$_.DriveType -eq '3' -or $_.DriveType -eq '4'} Get-WmiObject Win32_LogicalDiskToPartition Get-WmiObject Win32_DiskDriveToDiskPartition for all FileSystems: Get-WmiObject Win32_DiskDrive | Where-Object {$_.DeviceID -match '{deviceId}'} | PowerShellExecute | Windows_FileSystem_PS.pat |
| SELECT * FROM Win32_ComputerSystem | WMIQuery | Windows_Hostinfo_Hostname_Model.pat |
| Get-WmiObject Win32_ComputerSystem | PowerShellExecute | Windows_Hostinfo_Hostname_Model_PS.pat |
| SELECT * FROM Win32_PhysicalMemory | WMIQuery | Windows_Hostinfo_RAM.pat |
| Get-WmiObject Win32_PhysicalMemory | PowerShellExecute | Windows_Hostinfo_RAM_PS.pat |
| SELECT StandardName FROM Win32_TimeZone | WMIQuery | Windows_Hostinfo_Timezone.pat |
| Get-WmiObject Win32_TimeZone | SELECT StandardName | Format-List | PowerShellExecute | Windows_Hostinfo_Timezone_PS.pat |
| netstat -n | WMIExecute | Windows_Hostinfo_ReferencedHosts.pat Windows_Hostinfo_ReferencedHosts_PS.pat |
| SELECT * FROM Win32_BIOS | WMIQuery | Windows_Hostinfo_SerialNr.pat |
| Get-WmiObject Win32_BIOS | PowerShellExecute | Windows_Hostinfo_SerialNr_PS.pat |
| SELECT * FROM Win32_ComputerSystemProduct | WMIQuery | Windows_Hostinfo_Vendor_UUID.pat |
| Get-WmiObject Win32_ComputerSystemProduct | PowerShellExecute | Windows_Hostinfo_Vendor_UUID_PS.pat |
SELECT * FROM Msvm_ComputerSystem SELECT * FROM Msvm_SummaryInformation WHERE Name = '{0}' | WMIQuery | Windows_HyperV_VMs.pat |
Get-WmiObject -Namespace root\virtualization\v2 Msvm_ComputerSystem Get-WmiObject -Namespace root\virtualization\v2 Msvm_SummaryInformation | Where-Object {$_.Name -eq 'vmID'} | PowerShellExecute | Windows_HyperV_VMs_PS.pat |
SELECT * FROM Win32_NetworkAdapterConfiguration Where IPEnabled=true | WMIQuery | Windows_NetworkInterfaces.pat |
| Get-WmiObject Win32_NetworkAdapterConfiguration | Where-Object {$_.IPEnabled -eq 'true'} | PowerShellExecute | Windows_NetworkInterfaces_PS.pat |
SELECT * FROM Win32_OperatingSystem | WMIQuery | Windows_OS.pat Windows_Hostinfo_SystemUpTime.pat |
| Get-WmiObject Win32_OperatingSystem | PowerShellExecute | Windows_OS_PS.pat Windows_Hostinfo_SystemUpTime_PS.pat |
SELECT * FROM Win32_QuickFixEngineering | WMIQuery | Windows_Patches.pat |
| Get-WmiObject Win32_QuickFixEngineering | PowerShellExecute | Windows_Patches_PS.pat |
SELECT * FROM Win32_DesktopMonitor | WMIQuery | Windows_Peripherie_Monitor.pat |
| Get-WmiObject Win32_DesktopMonitor | PowerShellExecute | Windows_Peripherie_Monitor_PS.pat |
SELECT * FROM Win32_Printer | WMIQuery | Windows_Peripherie_Printer.pat |
| Get-WmiObject Win32_Printer | PowerShellExecute | Windows_Peripherie_Printer_PS.pat |
SELECT * FROM Win32_DiskDrive Where InterfaceType = "USB" | WMIQuery | Windows_Peripherie_USB_Storage.pat |
| Get-WmiObject Win32_DiskDrive | Where-Object {$_.InterfaceType -eq 'USB'} | PowerShellExecute | Windows_Peripherie_USB_Storage_PS.pat |
| SELECT * FROM Win32_VideoController | WMIQuery | Windows_Peripherie_VideoController.pat |
| Get-WmiObject Win32_VideoController | PowerShellExecute | Windows_Peripherie_VideoController_PS.pat |
| SOFTWARE\Microsoft\Windows NT\CurrentVersion | WMIRegValue | Windows_ProductKey.pat |
| Get-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion' | Select-Object DigitalProductId | PowerShellExecute | Windows_ProductKey_PS.pat |
| SELECT * FROM Win32_DiskDrive | WMIQuery | Windows_StorageDevice.pat |
| Get-WmiObject Win32_DiskDrive | PowerShellExecute | Windows_StorageDevice_PS.pat |
SELECT * FROM Win32_ComputerSystem fallback command: SELECT * from Win32_NetworkLoginProfile WHERE LastLogOn IS NOT NULL | WMIQuery | Windows_Hostinfo_Username.pat |
Get-WmiObject Win32_ComputerSystem fallback command: Get-WmiObject Win32_NetworkLoginProfile | Where-Object {$_.LastLogon -ne $null} | PowerShellExecute | Windows_Hostinfo_Username_PS.pat |
wmic logicaldisk where drivetype=3 get caption | findstr ":" for all drives: dir {drive}\tomcat*.exe /s/b for all found tomcat.exe files: {tomcat.exe}version.bat | findstr "server number" fallback command: type {tomcat-path}RELEASE-NOTES | findstr /i /c:"tomcat version" | WMIExecute | Windows_Application_Tomcat.pat |
wmic logicaldisk where drivetype=3 get caption | findstr ":" for all drives: dir -path {drive}\ -r -filter tomcat*.exe -ErrorAction SilentlyContinue | % fullname for all found tomcat.exe files: & '{tomcat.exe}version.bat' | findstr "server number" fallback command: type {tomcat-path}RELEASE-NOTES | findstr /i /c:"tomcat version" | PowerShellExecute | Windows_Application_Tomcat_PS.pat |
SOFTWARE\Microsoft\Office SOFTWARE\Wow6432Node\Microsoft\Office for each key → sub value: \Registration\DigitalProductID | WMIRegValueList | Windows_Application_Office_ProductKey.pat |
Get-ChildItem -Path 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\' | Select-Object PSChildName Get-ChildItem -Path 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\' | Select-Object PSChildName for each key → sub value: \Registration\DigitalProductID | PowerShellExecute | Windows_Application_Office_ProductKey_PS.pat |
wmic logicaldisk where drivetype=3 get caption | findstr ":" for all drives: dir {drive}\mysql.exe /s/b for all found mysql.exe files: {mysql.exe} -u $$login$$ -p$$password$$ -e"SELECT table_schema AS "Database name", Round(Sum(data_length + index_length) / 1024 / 1024, 0) AS "Size (MB)" FROM information_schema.TABLES GROUP BY table_schema;" | WMIExecute | Windows_Application_mySQL-DBs.pat |
wmic logicaldisk where drivetype=3 get caption | findstr ":" for all drives: dir -path {drive}\ -r -filter mysql.exe -ErrorAction SilentlyContinue | % fullname for all found mysql.exe files: & '{mysql.exe}' -u $$login$$ -p$$password$$ -e'SELECT table_schema AS \""Database name\"", Round(Sum(data_length + index_length) / 1024 / 1024, 0) AS \""Size (MB)\"" FROM information_schema.TABLES GROUP BY table_schema;' | PowerShellExecute | Windows_Application_mySQL-DBs_PS.pat |
| sqlcmd -Q "SELECT DB.name, SUM(CASE WHEN type = 0 THEN MF.size * 8 / 1024 ELSE 0 END) AS DataFileSizeMB, SUM(CASE WHEN type = 1 THEN MF.size * 8 / 1024 ELSE 0 END) AS LogFileSizeMB FROM sys.master_files MF JOIN sys.databases DB ON DB.database_id = MF.database_id GROUP BY DB.name" | WMIExecute PowerShellExecute | Windows_Application_MSSQL-DBs.pat Windows_Application_MSSQL-DBs_PS.pat |
wmic logicaldisk where drivetype=3 get caption | findstr ":" for all drives: dir {drive}\psql.exe /s/b for all found psql.exe files: [set "PGPASSWORD=$$password$$"]"{psql.exe}" -h localhost --username=$$login$$ -c "\l+" | WMIExecute | Windows_Application_PostgrSQL-DBs.pat |
wmic logicaldisk where drivetype=3 get caption | findstr ":" for all drives: dir -path {drive}\ -r -filter psql.exe -ErrorAction SilentlyContinue | % fullname for all found psql.exe files: $env:PGPASSWORD='$$password$$'; &'{psql.exe}' -h localhost --username=postgres -c "\l+";$env:PGPASSWORD='' | PowerShellExecute | Windows_Application_PostgrSQL-DBs_PS.pat |
wmic logicaldisk where drivetype=3 get caption | findstr ":" for all drives: dir {drive}\pom.xml /s /b | findstr "atlassian.*-web" for all found pom.xml files: type "{pom.xml}" | findstr "parent version" | WMIExecute | Windows_Application_Atlassian-JIRA.pat Windows_Application_Atlassian-Confluence.pat Windows_Application_Atlassian-Bamboo.pat |
wmic logicaldisk where drivetype=3 get caption | findstr ":" for all drives: dir -path {drive}\ -r -filter pom.xml -ErrorAction SilentlyContinue | % fullname for all found pom.xml files: type '{pom.xml}' | findstr "parent version" | PowerShellExecute | Windows_Application_Atlassian-JIRA_PS.pat Windows_Application_Atlassian-Confluence_PS.pat Windows_Application_Atlassian-Bamboo_PS.pat |
wmic logicaldisk where drivetype=3 get caption | findstr ":" for all drives: dir {drive}\MANIFEST.MF /i | findstr "bitbucket" for all found MANIFEST.MF files: type "{MANIFEST.MF}" | findstr /I "implementation-version" | WMIExecute | Windows_Application_Atlassian-BitBucket.pat |
wmic logicaldisk where drivetype=3 get caption | findstr ":" for all drives: dir -path {drive}\ -r -filter MANIFEST.MF -ErrorAction SilentlyContinue | % fullname | findstr /i ""bitbucket" for all found MANIFEST.MF files: type '{MANIFEST.MF}' | findstr "implementation-version" | PowerShellExecute | Windows_Application_Atlassian-BitBucket_PS.pat |
For the Atlassian Products reading the used database configuration: dir {drive}\dbconfig.xml /s /b | findstr /i "<productName>" for all found dbconfig.xml files: type "{dbconfig}" | findstr "jdbc:" | WMIExecute | Windows_Application_Atlassian-JIRA.pat Windows_Application_Atlassian-Confluence.pat Windows_Application_Atlassian-Bamboo.pat Windows_Application_Atlassian-BitBucket.pat |
For the Atlassian Products reading the used database configuration: dir -path {drive}\ -r -filter dbconfig.xml -ErrorAction SilentlyContinue | % fullname | findstr /i "<productName>" for all found dbconfig.xml files: type "{dbconfig}" | findstr "jdbc:" | PowerShellExecute | Windows_Application_Atlassian-JIRA_PS.pat Windows_Application_Atlassian-Confluence_PS.pat Windows_Application_Atlassian-Bamboo_PS.pat Windows_Application_Atlassian-BitBucket_PS.pat |
Linux
Discovery automatically adds | col -b to all executed commands to disable colored outputs.
| Command | Type | Pattern |
|---|---|---|
last | egrep 'tty|pts' | SSHExecute | Linux_Hostinfo_Username.pat |
| COLUMNS=256 dpkg -l | SSHExecute | Linux_Application_DPK.pat |
| rpm -qa --queryformat 'begin\nname:%{NAME}\nversion:%{VERSION}\nrelease:%{RELEASE}\nvendor:%{VENDOR}\ndescription:%{SUMMARY}\n' | SSHExecute | Linux_Application_RPM.pat |
| sudo qlist -IUCv | SSHExecute | Linux_Application_QLIST.pat |
| egrep '^(model name|cpu MHz|[pP]rocessor|physical id|cpu cores)' /proc/cpuinfo | SSHExecute | Linux_CPUs.pat |
docker ps -a --no-trunc --format "{{.ID}} {{.Status}}" for each container: docker inspect -f ""Name:{{println .Name}}" + docker stats --no-stream --format ""{{.MemUsage}}"" + $containerId | SSHExecute | Linux_Docker_Container.pat |
| df -BMB | grep "^/dev" | SSHExecute | Linux_FileSystem.pat |
| rm ~/.bash_history -f && history -c | SSHExecute | Linux_Host_Clear_Command_History.pat |
hostname OS check command: uname -o -r -i -m && cat /etc/*release && lsb_release -a For Solaris-Systems: check-hostname | awk '{ print $NF }' all other Linux-Systems: hostname --fqdn | SSHExecute | Linux_Hostinfo_Hostname.pat |
dmesg | grep -i 'hypervisor detected' fallback command(s): systemd-detect-virt hostnamectl | grep -i 'virtualization' sudo virt-what | SSHExecute | Linux_Hostinfo_Hypervisor.pat |
| sudo dmidecode -t system | grep 'Product' | SSHExecute | Linux_Hostinfo_Model.pat |
| egrep '^MemTotal' /proc/meminfo | SSHExecute | Linux_Hostinfo_RAM.pat |
netstat -tun fallback command: netstat -an | SSHExecute | Linux_Hostinfo_ReferencedHosts.pat |
sudo dmidecode -t system | grep 'Serial Number' | SSHExecute | Linux_Hostinfo_SerialNr.pat |
uptime | sed -E 's/^[^,]*up *//; s/, *[[:digit:]]* users.*//; s/min/minutes/; s/([[:digit:]]+):0?([[:digit:]]+)/\1 hours, \2 minutes/' fallback command: cat /proc/uptime | SSHExecute | Linux_Hostinfo_SystemUpTime.pat |
| sudo dmidecode -t system | grep 'UUID' | SSHExecute | Linux_Hostinfo_UUID.pat |
sudo dmidecode -t system | grep 'Manufacturer' fallback command: cat /sys/class/dmi/id/sys_vendor | SSHExecute | Linux_Hostinfo_Vendor.pat |
timedatectl | grep 'Time zone' fallback command: date '+%Z %z' | SSHExecute | Linux_Hostinfo_Timezone.pat |
ifconfig -a fallback command: sudo ip addr show | SSHExecute | Linux_NetworkInterfaces.pat |
| sudo ip route show | grep 'default' | SSHExecute | Linux_NetworkInterfaces.pat Linux_NetworkInterfaces_IA.pat |
| ip addr | SSHExecute | Linux_NetworkInterfaces_IA.pat |
| uname -o -r -i -m && cat /etc/*release && lsb_release -a | SSHExecute | Linux_OS.pat |
| lpstat -t | SSHExecute | Linux_Peripherie_Printer.pat |
| lsusb | SSHExecute | Linux_Peripherie_USB_Storage.pat |
| lsusb -D /dev/bus/usb/{0}/{1} | grep -E 'evice:|id|Class' | SSHExecute | Linux_Peripherie_USB_Storage.pat |
| lsblk -e 11,1 -dbP --output NAME,MAJ:MIN,VENDOR,MODEL,SERIAL,LABEL,UUID,SIZE,REV,TYPE,STATE | SSHExecute | Linux_StorageDevice.pat |
VBoxManage list vms for each vm: VBoxManage showvminfo {0} --machinereadable | SSHExecute | Linux_VBox_VMs.pat |
xe vm-list params=uuid is-control-domain=false is-a-snapshot=false --minimal for each vm: xe vm-list params=name-label uuid={1} --minimal xe vm-list params=name-description uuid={1} --minimal xe vm-list params=power-state uuid={1} --minimal xe vm-list params=memory-static-maxe uuid={1} --minimal xe vm-list params=networks uuid={1} --minimal xe vm-list params=VCPUs-number uuid={1} --minimal | SSHExecute | Linux_Xen_VMs.pat |
sudo service --status-all sudo rc-status --all | grep -F '['' sudo systemctl list-unit-files --type=service | egrep 'enabled|disabled' | SSHExecute | Linux_ApplicationServices.pat |
| sudo mysql -u $$login$$ -p$$password$$ -e "SELECT table_schema AS \"Database name\", Round(Sum(data_length + index_length) / 1024 / 1024, 0) AS \"Size (MB)\" FROM information_schema.TABLES GROUP BY table_schema;" | SSHExecute | Linux_Application_mySQL-DBs.pat |
echo $$password$$ | sudo -S -u $$login$$ psql -c "\l+" fallback command: echo $$password$$ | sudo -S -u $$login$$ psql -h localhost -c "\l+" | SSHExecute | Linux_Application_PostgreSQL-DBs.pat |
sudo find / -iname "pom.xml" | grep 'atlassian.*-web' for all found pom.xml files: sed -n '/<parent>/,/<\/parent>/H; /<parent>/h; /\/parent/{x;s/<parent>\(.*[^\n]\)\n*<\/parent>/\1/p;}' {pom.xml} | SSHExecute | Linux_Application_Atlassian-JIRA.pat Linux_Application_Atlassian-Confluence.pat Linux_Application_Atlassian-Bamboo.pat |
sudo find / -iname "MANIFEST.MF" | grep 'bitbucket' for all found MANIFEST.MF files: cat {MANIFEST.MF} | grep -i "implementation-version" | SSHExecute | Linux_Application_Atlassian-BitBucket.pat |
For the Atlassian Products reading the used database configuration: sudo find / -iname ""dbconfig.xml"" | grep '<productName>' for all found dbconfig.xml files: cat {dbconfig} | grep '<url>jdbc:' | SSHExecute | Linux_Application_Atlassian-JIRA.pat Linux_Application_Atlassian-Confluence.pat Linux_Application_Atlassian-Bamboo.pat Linux_Application_Atlassian-BitBucket.pat |
MacOS
| Command | Type | Pattern |
|---|---|---|
| system_profiler SPApplicationsDataType | SSHExecute | MacOSX_Application_ApplicationsData.pat |
| system_profiler SPExtensionsDataType | SSHExecute | MacOSX_Application_ExtensionsData.pat |
| system_profiler SPFrameworksDataType | SSHExecute | MacOSX_Application_FrameworksData.pat |
| system_profiler SPPrefPaneDataType | SSHExecute | MacOSX_Application_PrefPaneData.pat |
| launchctl list | SSHExecute | MacOSX_ApplicationServices.pat |
| (sysctl -n machdep.cpu.brand_string) & (system_profiler | grep -e 'Processor ' -e Cores -e 'Number of Processors') | SSHExecute | MacOSX_CPUs.pat |
| df -lk | grep "^/dev" | SSHExecute | MacOSX_FileSystem.pat |
| host "$(hostname -s)" | SSHExecute | MacOSX_Hostinfo_FQDN.pat |
| sysctl hw.memsize | SSHExecute | MacOSX_Hostinfo_RAM.pat |
| system_profiler | grep -e 'Model Name: ' -e 'Model Identifier: ' -e 'Memory: ' -e 'Serial Number (system): ' -e 'Hardware UUID: ' | SSHExecute | MacOSX_Hostinfo.pat |
| sudo systemsetup -gettimezone | SSHExecute | MacOSX_Hostinfo_Timezone.pat |
| sw_vers | SSHExecute | MacOSX_OS.pat |
| system_profiler -xml SPUSBDataType | SSHExecute | MacOSX_Peripherie_USB_Storage.pat |
| uptime | SSHExecute | MacOSX_UpTime.pat |
SNMP
| Command | Type | Pattern |
|---|---|---|
| 1.3.6.1.2.1.1.3.0;1.3.6.1.2.1.1.4.0;1.3.6.1.2.1.1.5.0;1.3.6.1.2.1.1.6.0;1.3.6.1.4.1.2021.4.5.0 | SNMP_GET | SNMP_Deviceinfo_Default.pat |
| 1.3.6.1.4.1.2021.4.5.0;1.3.6.1.4.1.2021.4.6.0;1.3.6.1.4.1.2021.4.11.0 | SNMP_GET | SNMP_Deviceinfo_ExtExampleRAM.pat |
| 1.3.6.1.2.1.2.2.1.2;1.3.6.1.2.1.4.20.1.2 | SNMP_WALK | SNMP_Deviceinfo_Network.pat |
Other
| Command | Type | Pattern |
|---|---|---|
| HostSystem | SSHExecute | ESXi_HostSystem.pat |
| VirtualMachine | SSHExecute | ESXi_VirtualMachines.pat |
| show memory | SSHExecute | IBM_DataPower_Hostinfo_ShowMemory.pat |
| show version | SSHExecute | IBM_DataPower_Hostinfo_ShowNetwork-Interface.pat IBM_DataPower_Hostinfo_ShowVersion.pat |
| show system | SSHExecute | IBM_DataPower_Hostinfo_ShowSystem.pat |
| pkginfo -l | SSHExecute | Solaris_Application.pat |
| psrinfo -pv | SSHExecute | Solaris_CPUs.pat |
| prtconf | grep Memory | SSHExecute | Solaris_Hostinfo_RAM.pat |
| smbios -t SMB_TYPE_SYSTEM | SSHExecute | Solaris_Hostinfo_System.pat |
| kstat -p unix:0:system_misc:boot_time | nawk '{printf "%d\n", srand()-$2}' | SSHExecute | Solaris_Hostinfo_SystemUpTime.pat |
| nlsadm get-timezone | SSHExecute | Solaris_Hostinfo_Timezone.pat |
discoRemote.cmd commands
When you're using Asset Discovery for scanning, system monitoring tools detect incoming commands related to the execution of discoRemote.cmd. This is a temporary process that is executed by patterns with the WMIExecute process type. More about discoRemode.cmd commands