3 Replies Latest reply on Jan 11, 2019 5:48 AM by Andrew Waters

    registrykey pattern

    Tony Mottram

      Hi All,


      Looking at writing a pattern to pull back software installed information from the window hosts registry.


      Before spending too much time on this, thought it might be wise to ask if anyone has already written one. especially as it seems quite an obvious to look


      my assumption is that all non standard windows software installed on windows machines appears in HKEY_LOCAL_MACHINE\SOFTWARE\~\~\UNINSTALL\   


      I am looking to pull out/pick up some of our business specific software which isnt currently being picked up by discovery.


      Anybody already have something that can do this ? or any suggestions (i'm currently assuming i'll be using discovery.registrykey)





        • 1. Re: registrykey pattern
          Andrew Waters

          Pulling back a registry key is easy enough. However you then need to deal with the registry key going away. It is much easier if possible to use something which will allow aging (and removal) of an SI directly, for example a running service or process.

          3 of 3 people found this helpful
          • 2. Re: registrykey pattern
            Tony Mottram

            thanks Andrew,

            the reason i was looking at this was because we have a number of business apps which don't have running processes or services to use, not many, but i still want to capture them all.

            • 3. Re: registrykey pattern
              Andrew Waters

              You can do it but you will need to manage the removal within the pattern.


              You can trigger off scanning of the Windows host


                on host := created, confirmed Host where os_class = "Windows";

              end triggers.

              Then you can pass host to discovery.registryKey as the target. You should look at this for choosing appropriate SoftwareInstance key values. There are several example templates for building SoftwareInstances.

              2 of 2 people found this helpful