IDF - Identity Finder Audit - Windows Vista/7/8

Versioning - This is the latest version.

1 | IDF - Identity Finder Audit - Win7 | 11/29/2012 10:29:56 AM
2 | Identity Finder Audit - Windows Vista/7/8 | 6/26/2013 2:19:36 PM
3 | Identity Finder Audit - Windows Vista/7/8 | 10/7/2013 8:34:58 AM
4 | IDF - Identity Finder Audit - Windows Vista/7/8 | 7/1/2014 10:58:38 AM

Description

This Analysis audits the version of Identity Finder installed on a Windows system. It also looks for Identity Finder log files on the system, determines when the last scan took place, and determines whether the last scan was in the past 30 days. If there are no logs on the system from the current or previous calendar month, then the properties will return "No Recent Logs", which could mean that there are no logs whatsoever (typical in the case of a new installation).

Old Name: IDF - Identity Finder Audit - Win7

http://bigfix.me/cdb/analysis/48


Property Details

ID: 2994663
Status: Alpha - Code that was just developed
Title: IDF - Identity Finder Audit - Windows Vista/7/8
Domain: BESC
Keywords: IDF, Identity Finder, Windows
Added by on 7/1/2014 10:58:38 AM
Last Modified by on 7/1/2014 10:58:38 AM
Counters 4393 Views / 5 Downloads

Properties

Identity Finder Version
Period 1 day
 
  * Results in a "string"/number
if exists keys whose (exists value "DisplayVersion" of it AND exists value "DisplayName" whose (it as string contains "Identity Finder") of it) of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry then ((value "DisplayVersion" of it) as string) of keys whose (exists value "DisplayVersion" of it AND exists value "DisplayName" whose (it as string contains "Identity Finder") of it) of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry else "NOT INSTALLED"
Identity Finder Last run on? (Windows 7/Vista)
Period 1 day
 
  * Results in a true/false
if (exists folder "C:\Users\" AND exists folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\" AND exists files whose (name of it ends with ".log" AND name of it starts with "IDF_") of folders "AppData\Local\Identity Finder\logs" of folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\") then (maximum of creation times of files whose (name of it ends with ".log" AND name of it starts with "IDF_" AND creation time of it = maximum of creation times of files of parent folder of it) of folders "AppData\Local\Identity Finder\logs" of folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\") as string else "No IDF Logs"
Identity Finder Last run in 30 days? (Windows 7/Vista)
Period 1 day
 
  * Results in a true/false
if (exists folder "C:\Users\" AND exists folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\" AND exists files whose (name of it ends with ".log" AND name of it starts with "IDF_") of folders "AppData\Local\Identity Finder\logs" of folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\") then (30*day > (now - maximum of creation times of files whose (name of it ends with ".log" AND name of it starts with "IDF_" AND creation time of it = maximum of creation times of files of parent folder of it) of folders "AppData\Local\Identity Finder\logs" of folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\")) as string else "No Recent Logs"
Identity Matches in latest log file? (Windows 7/Vista)
Period 1 day
 
  * Results in a true/false
if (exists folder "C:\Users\" AND exists folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\" AND exists file whose (name of it ends with ".log" AND name of it starts with "IDF_" AND creation time of it = maximum of creation times of files of parent folder of it) of folders "AppData\Local\Identity Finder\logs" of folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\") then if (exists (line whose (it contains "Total Identity Matches: ") of files whose (name of it ends with ".log" AND name of it starts with "IDF_" AND creation time of it = (maximum of creation times of files whose (name of it ends with ".log" AND name of it starts with "IDF_" AND creation time of it = maximum of creation times of files of parent folder of it) of folders "AppData\Local\Identity Finder\logs" of folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\")) of folders "AppData\Local\Identity Finder\logs" of folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\")) then following texts of lasts "Total Identity Matches: " of (lines whose (it contains "Total Identity Matches: ") of files whose (name of it ends with ".log" AND name of it starts with "IDF_" AND creation time of it = (maximum of creation times of files whose (name of it ends with ".log" AND name of it starts with "IDF_" AND creation time of it = maximum of creation times of files of parent folder of it) of folders "AppData\Local\Identity Finder\logs" of folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\")) of folders "AppData\Local\Identity Finder\logs" of folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\") as string else "Incomplete Log File" else "No Log Files"
Number of Log Files (Windows 7/Vista)
Period 1 day
 
  * Results in a "string"/number
if(exists folder "C:\Users\" AND exists folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\") then number of files whose (name of it ends with ".log" AND name of it starts with "IDF_") of folders "AppData\Local\Identity Finder\logs" of folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\" as string else "No log folders"
IDF Service Running?
Period 1 day
 
  * Results in a true/false
exists running services whose((it = "IDFEndpointService" OR it = "IdentityFinderEndpointService") of service name of it)
defaultTag
Period 1 day
 
  * Results in a "string"/number
value "defaultTag" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Identity Finder\Endpoint Service" of registry
endpointId
Period 1 day
 
  * Results in a "string"/number
value "endpointId" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Identity Finder\Endpoint Service" of registry
ERROR: Server Connection ?
Period 1 day
 
  * Results in a true/false
exists lines whose (it contains "Identity Finder is configured to communicate with the Enterprise Console but the server specified in the serverUrl setting cannot be contacted (The server name could not be resolved):") of files whose (name of it ends with ".log" AND name of it starts with "IDF_" AND creation time of it = (maximum of creation times of files whose (name of it ends with ".log" AND name of it starts with "IDF_" AND creation time of it = maximum of creation times of files of parent folder of it) of folders "AppData\Local\Identity Finder\logs" of folders whose (exists folders "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\")) of folders "AppData\Local\Identity Finder\logs" of folders whose (exists folders "AppData\Local\Identity Finder\logs" of it) of folders "C:\Users\"
IDF Log Folders?
Period 1 day
 
  * Results in a "string"/number
exists folders whose (exists folder "AppData\Local\Identity Finder\logs" of it) of folder "C:\Users\" as string
IDF Temp Size
Period 2 days
 
  * Results in a true/false
if ((exists folder "users" of drive of system folder) AND (exists folders whose (exists folder "AppData\Local\Temp\Identity Finder" of it) of folder "users" of drive of system folder)) then (sum of sizes of descendants of folders "AppData\Local\Temp\Identity Finder" of folders whose (exists folder "AppData\Local\Temp\Identity Finder" of it) of folder "users" of drive of system folder) else ERROR "No IDF temp"
IDF Upgrade Failure?
Period 6 hours
 
  * Results in a true/false
if (exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Identity Finder_UPGBK" of x32 registry AND (now - last write time of key "HKEY_LOCAL_MACHINE\SOFTWARE\Identity Finder_UPGBK" of x32 registry) > (6*hour)) then "IDF Client Update Failure : " & ((it as string) of (now - last write time of key "HKEY_LOCAL_MACHINE\SOFTWARE\Identity Finder_UPGBK" of x32 registry)) else ""
IDF Folder
Period 2 days
 
  * Results in a true/false
(value "InstallLocation" of key whose(value "DisplayName" of it as string as lowercase contains "identity finder") of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry)
ModTime of IDF.lic
Period 2 days
 
  * Results in a true/false
modification times of files "identityfinder.lic" of folders ((it as string) of value "InstallLocation" of key whose(value "DisplayName" of it as string as lowercase contains "identity finder") of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry)
sha1 of IDF.lic
Period 2 days
 
  * Results in a true/false
sha1s of files "identityfinder.lic" of folders ((it as string) of value "InstallLocation" of key whose(value "DisplayName" of it as string as lowercase contains "identity finder") of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry)
ModTime of IDF service log
Period 1 day
 
  * Results in a true/false
modification times of files "endpointservice.log" of folders ((it as string) of value "InstallLocation" of key whose(value "DisplayName" of it as string as lowercase contains "identity finder") of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry)
Errors of IDF service log
Period 2 days
 
  * Results in a true/false
(multiplicity of it, it) of unique values of following texts of firsts "ERROR - " of lines whose(it contains " ERROR - ") of files "endpointservice.log" of folders ((it as string) of value "InstallLocation" of key whose(value "DisplayName" of it as string as lowercase contains "identity finder") of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry)
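
The log-related properties above ("Last run on?", "Last run in 30 days?", "Identity Matches in latest log file?") can be checked offline with the following Python port. This is an added example, not part of the original analysis; the function names, the `stamp` parameter and the sample log bodies are assumptions, and only the folder layout, the `IDF_*.log` naming, the summary-line text and the fallback strings come from the relevance above.

```python
import os
import tempfile
from datetime import datetime, timedelta
from pathlib import Path

LOG_SUBDIR = Path("AppData") / "Local" / "Identity Finder" / "logs"
MARKER = "Total Identity Matches: "

def created(path):
    """Creation time: st_birthtime where the platform exposes it, else st_ctime
    (st_ctime is the creation time on Windows, inode-change time on Unix)."""
    st = path.stat()
    return getattr(st, "st_birthtime", st.st_ctime)

def audit_idf_logs(users_root, now, stamp=created):
    """Return (last_run, ran_within_30_days, matches) for the newest IDF_*.log
    found under any profile in users_root, using the page's fallback strings."""
    logs = []
    for profile in Path(users_root).iterdir():
        log_dir = profile / LOG_SUBDIR
        if log_dir.is_dir():
            logs += [f for f in log_dir.glob("IDF_*.log") if f.is_file()]
    if not logs:
        return ("No IDF Logs", "No Recent Logs", "No Log Files")
    newest = max(logs, key=stamp)
    last_run = datetime.fromtimestamp(stamp(newest))
    recent = now - last_run < timedelta(days=30)
    # Assumption: when several summary lines exist, report the last one.
    hits = [l for l in newest.read_text(errors="replace").splitlines() if MARKER in l]
    matches = hits[-1].rsplit(MARKER, 1)[1].strip() if hits else "Incomplete Log File"
    return (last_run, recent, matches)

def make_log(root, user, name, age_days, body, now):
    """Write a constructed sample log and backdate its mtime by age_days."""
    path = Path(root) / user / LOG_SUBDIR / name
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(body)
    when = now.timestamp() - age_days * 86400
    os.utime(path, (when, when))
    return path

if __name__ == "__main__":
    now = datetime.now()
    with tempfile.TemporaryDirectory() as root:
        # Constructed sample logs; only the summary-line text comes from the page.
        make_log(root, "alice", "IDF_old.log", 45, "scan\nTotal Identity Matches: 3\n", now)
        make_log(root, "bob", "IDF_new.log", 5, "scan started\n", now)  # no summary line
        by_mtime = lambda p: p.stat().st_mtime  # demo uses mtime so it can be backdated
        print(audit_idf_logs(root, now, stamp=by_mtime))
```

The demo shows the case the description does not spell out: a recent log from one profile that lacks the summary line reports "Incomplete Log File" even though an older, complete log exists under another profile.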

Relevance

isWindows (Relevance 1172)
Used in 1117 fixlets and 524 analyses   * Results in a true/false
windows of operating system
Used in 2 analyses   * Results in a true/false
not a member of group 47448 of sites
Used in 1 analysis   * Results in a true/false
version of operating system > "6.0"
Used in 1 analysis   * Results in a true/false
(exists service "IDFEndpointService") OR (exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Identity Finder" of registry) OR (exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Identity Finder_UPGBK" of x32 registry) OR (exists keys whose (exists value "DisplayName" whose (it as string as lowercase contains "identity finder") of it) of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry) OR (exists folder "C:\Users\" AND exists folders whose (exists folder "AppData\Local\Identity Finder" of it) of folder "C:\Users\")
