Understand the pattern structure
A pattern is an XML file that contains the following nodes:
| Node | Mandatory | Description |
|---|---|---|
| <Version> |  | A version string for the pattern. |
| <PatternID> | | A unique string for each pattern. |
| <AlternativePattern> | | A pattern that will be used instead of that one (e.g. used for PowerShell). |
| <ProcessType> | | Describes which type of execution will be proceed by the Discovery-Tool to collect information. See Process types. |
| <PatternType> | | Describes for which type of Discovery-Object the pattern is responsible. See Pattern types. |
| <OrderNr> | | You can have multiple patterns for one Discovery-Object, and here you specify their order. |
| <Command> |  | Contains the Command that will be executed on the Remote-System. The command depends on the process type. |
| <Processing> | | Contains the C# SourceCode to processing result data to Discovery-Objects. |
| <IgnoreCommandCache> | - | If set to true, the CommandProvider will ignore the cache. By default, a command result is stored in the cache and the result of the same command is read from the cache. The scan is persistent for a scan session. |
| <RegValue> |
| The Registry Variable that would be read in combination with the Command used by WMIRegValue. |
| <ApplicationName> | | The name of the application that is used to collect extended information for. |
| <ContextName> | | Optional SNMP Walk context name. |
| <WMINamespace> | | Define an alternative WMI Namespace for the initial command. |
Process types
For Unix systems, SSHExecute patterns are executed based on the operating system (OS) type. When you create custom SSHExecute patterns, include the OS types (for example, Linux_HostInfo_UUID.pat, Linux_Solaris_HostInfo_UUID.pat) so that patterns are executed on the specified OS types.
| Type | Example command | Command result type | Description |
|---|---|---|---|
| SSHExecute | ifconfig -a | String | Executes a SSH Command on a connected Remote Unix System |
| WMIQuery | SELECT * FROM Win32_OperatingSystem | ManagementObjectCollection | Executes a WMI Query on a connected Remote Windows System |
| WMIExecute | netstat -an | String | Executes a Command on a connected Remote Windows System |
| WMIRegValue | <![CDATA[ | The result object can any type of a registry value | By WMIRegValue the Command contains the Registry Path and reads the Value described in the <RegValue> Node of the Pattern. The "Root" is set by default to "HKEY_LOCAL_MACHINE\" and should not included in the command. The Result is an object containing all Variations of an Registry Variable. |
| WMIRegValueList | <![CDATA[ | List<string> | By WMIRegValueList the Command contains the Registry Path and returning the "subKeys" of the Registry Path. The "Root" is set by default to "HKEY_LOCAL_MACHINE\" and should not included in the command. |
| PowerShellExecute | Get-WmiObject win32_computersystem | String | Executes a PowerShell-Command on a connected Remote Windows System |
SNMP_GET | 1.3.6.1.4.1.2021.4.5.0;1.3.6.1.4.1.2021.4.6.0 | ExtendedInformation is an object with two attributes: | Executes a SNMP GET Command for the given MIB's. Returning a List of ExtendedInformation, a ExtendedInformation containing the Name (the MIB) and the Value of the MIB. |
| SNMP_WALK | 1.3.6.1.2.1.2.2.1.2;1.3.6.1.2.1.4.20.1.2 | ExtendedInformation is an object with two attributes: | Executes a SNMP WALK Command for the given MIB's. Returning a List of ExtendedInformation, a ExtendedInformation containing the Name (the MIB) and the Value of the MIB. |
Command result types
| Process type | Command result type |
|---|---|
| WMIQuery | WMIQueryResult |
| WMIRegValue | WMIRegValueResult |
| WMIRegValueList | WMIRegValueListResult |
| WMIExecute | WMIExecuteResult |
| PowerShellExecute | PowerShellExecuteResult |
| SSHExecute | SSHExecuteResult |
| SNMP_GET | SNMPExecuteResult |
| SNMP_WALK | SNMPExecuteResult |
| VIMObject | VIMCommandResult |
Pattern types
Pattern types define which types of Discovery-Object are returned as results from processing.
The result of Discovery-Objects will be merged. For example in the Discovery/pattern folder you can see multiple HostInfo pattern, they are all collecting partial results of a host and the Discovery-Tool merging the Attributes together.
| Type | Example pattern (included) | Description |
|---|---|---|
| Host | Linux_Hostinfo_Hostname.pat Windows_Hostinfo_Hostname_Model.pat | Processing collected data for a Host. The pattern function (PerformAction) processing a HostInfo-Object. |
| Deviceinfo | SNMP_Deviceinfo_Default.pat | Processing collected data for a Host or a Device. The pattern function (PerformAction) processing a DeviceInfo-Object. |
| Network | Linux_NetworkInterfaces.pat Windows_NetworkInterfaces.pat | Processing collected data for NetworkInterfaces. The pattern function (PerformAction) processing the NetworkInterface-Objects of the parent system. |
| CPU | Linux_CPUs.pat Windows_CPUs.pat | Processing collected data for CPUs. The pattern function (PerformAction) processing the CPUInfo-Objects of the parent system. |
| OS | Linux_OS.pat Windows_OS.pat | Processing collected data for OS. The pattern function (PerformAction) processing the OSInfo-Objects of the parent system. |
| FileSystem | Linux_FileSystem.pat Windows_FileSystem.pat | Processing collected data for FileSystems. The pattern function (PerformAction) processing the FileSystemInfo-Objects of the parent system. |
| Application | Linux_Application_RPM.pat Windows_Application_Product.pat | Processing collected data for Applications. The pattern function (PerformAction) returning a list of ApplicationInfo-Objectsof the parent system. |
| Patch | Windows_Patches.pat | Processing collected data for Patches. The pattern function (PerformAction) processing the PatchInfo-Objects of the parent system. |
| ApplicationService | Windows_ApplicationServices.pat | Processing collected data for ApplicationServices. The pattern function (PerformAction) processing the ApplicationServiceInfo-Objects of the parent system. |
| OSProductKey | Windows_ProductKey.pat | Processing collected data for License. The pattern function (PerformAction) processing the License for the Operating-System |
| ApplicationProductKey | Example: Application Product Key | Processing collected data for License. The pattern function (PerformAction) processing the License for the Applications of the parent system. |
| User | Linux_User.pat Windows_User.pat | Processing collected data for User. The pattern function (PerformAction) processing the User of the parent system. |
| Group | Linux_Group.pat Windows_Group.pat | Processing collected data for Groups. The pattern function (PerformAction) processing the Groups of the parent system. |
| ConnectedPeripherie | Windows_Peripherie_USB_Storage.pat | Processing collected data for Extended Informations. The pattern function (PerformAction) processing the ExtendedInformation-Objects of the parent system. |
| SNMPExtendedValues | SNMP_Deviceinfo_ExtExampleRAM.pat | Processing collected data for Extended Informations. The pattern function (PerformAction) processing the ExtendedInformation-Objects of the parent system. |
| ConnectedPeripherie | Windows_Peripherie_USB_Storage.pat | Processing collected data for Connected Devices of the parent system. |
| HostinfoList | Windows_VBox_VMs.pat Linux_VBox_VMs.pat | Processing collected data for a lis of Virtual Guests The patten function (PerformAction) processing the Host-Objects (like virtual guest machines) of the parent system. |
| PostProcessing | Post Processing pattern will be executed after all the pattern types and can be used to add or modify host/device information The pattern function (PerformAction) returning a HostInfo- or a DeviceInfo-Object. |