7 Replies Latest reply on Jul 20, 2020 1:12 AM by Andrew Waters

    BMC Discovery : Want to know how to get hostname for Discovered process,package,Service and Package

    ABHAY BHAGAT
      Want to know how to get hostname for Discovered process, package, Service and Package

      My requirement is to find out how many systems the CrowdStrike software is running on. Let me know if I can achieve it without TPL.

        • 1. Re: BMC Discovery : Want to know how to get hostname for Discovered process,package,Service and Package
          Andrew Waters

          You could do something like

          SEARCH DiscoveredService
          WHERE name = "CSFalconService"
            AND state = "RUNNING"
          TRAVERSE Member:List:List:ServiceList
          TRAVERSE DiscoveryResult:DiscoveryAccessResult:DiscoveryAccess:DiscoveryAccess
          WHERE _last_marker
          TRAVERSE Associate:Inference:InferredElement:Host
          SHOW hostname

          3 of 3 people found this helpful
          • 2. Re: BMC Discovery : Want to know how to get hostname for Discovered process,package,Service and Package
            ABHAY BHAGAT

            Thanks,

            I wanted the hostname in the same table as the Discovered server or Process.

            The reason is that Discovered process shows 869 values, whereas when I search for the Running, not running, starting, start pending, etc. states I get fewer values and need to run the query four times.

            Is it possible, or do I need to run it four times?

            • 3. Re: BMC Discovery : Want to know how to get hostname for Discovered process,package,Service and Package
              Lisa Keeler

              I'm not sure what you are saying, but here is a query to show the DiscoveredProcess and DiscoveredService results together:

               

              search DiscoveredProcess, DiscoveredService show summary, #Member:List:List:.#DiscoveryResult:DiscoveryAccessResult:DiscoveryAccess:DiscoveryAccess.#Associate:Inference:InferredElement:Host.name as 'Name'

               

              You can customize your own query from the "Customize" button, navigating like this:

              First, navigate to the "list" that the process or server, etc. is a member of.

              Then, navigate to the "DiscoveryAccess" that contains the list.

              Then, navigate to the "Host" that was inferred from that DA.

              Finally, get the "name" of that Host.

              I hope that makes sense.

              1 of 2 people found this helpful
              • 4. Re: BMC Discovery : Want to know how to get hostname for Discovered process,package,Service and Package
                Andrew Waters

                You mean you want that specific service, or process to be shown with the Host name?

                • 5. Re: BMC Discovery : Want to know how to get hostname for Discovered process,package,Service and Package
                  Abhay Bhagat

                  Yes Andrew, consider my query below. I want the IP and host name related to the service in my results, along with all the other tabs which are currently in my output.

                   

                  search DiscoveredService where * has subword 'crowdstrike'
                  show
                    name, display_name, state, start_mode, username,
                    #Member:List:List:ServiceList.discovery_method as 'Discovery Method',
                    nodecount(traverse Member:List:List:ServiceList) as 'Service List Count',
                    #Member:List:List:ServiceList.#DiscoveryResult:DiscoveryAccessResult:DiscoveryAccess:DiscoveryAccess.device_summary as 'Device Summary',
                    #Member:List:List:ServiceList.#RequestSource:Request:DiscoveryAccess:DiscoveryAccess.endpoint as 'Endpoint',
                    #Member:List:List:ServiceList.#DiscoveryResult:DiscoveryAccessResult:DiscoveryAccess:DiscoveryAccess.#Associate:Inference:InferredElement:Host as hostname,
                    #Member:List:List:ServiceList.#RequestSource:Request:DiscoveryAccess:DiscoveryAccess.state as 'State',
                    cmdline as 'Cmdline', display_name as 'Display Name', name as 'Name', pid as 'Process Identifer', username as 'Service Runs As', start_mode as 'Start Mode', state as 'State'

                   

                  • 6. Re: BMC Discovery : Want to know how to get hostname for Discovered process,package,Service and Package
                    Abhay Bhagat

                     

                    Got the answer, thanks for your help.

                    search DiscoveredService where * has subword 'crowdstrike'
                    show
                      name, display_name, state, start_mode, username,
                      #Member:List:List:ServiceList.discovery_method as 'Discovery Method',
                      nodecount(traverse Member:List:List:ServiceList) as 'Service List Count',
                      #Member:List:List:ServiceList.#DiscoveryResult:DiscoveryAccessResult:DiscoveryAccess:DiscoveryAccess.device_summary as 'Device Summary',
                      #Member:List:List:ServiceList.#RequestSource:Request:DiscoveryAccess:DiscoveryAccess.endpoint as 'Endpoint',
                      #Member:List:List:ServiceList.#DiscoveryResult:DiscoveryAccessResult:DiscoveryAccess:DiscoveryAccess.#Associate:Inference:InferredElement:Host as 'hostname',
                      #Member:List:List:ServiceList.#RequestSource:Request:DiscoveryAccess:DiscoveryAccess.state as 'State',
                      cmdline as 'Cmdline', display_name as 'Display Name', name as 'Name', pid as 'Process Identifer', username as 'Service Runs As', start_mode as 'Start Mode', state as 'State'
                    processwith show
                      name as 'Name', display_name as 'Display Name', state as 'State', start_mode as 'Start Mode', username as 'Service Runs As',
                      #Member:List:List:ServiceList.discovery_method as 'Discovery Method',
                      @6 as 'Service List Count', @7 as 'Device Summary', @8 as 'Endpoint', @9 as 'hostname', @10 as 'State',
                      cmdline as 'Cmdline', display_name as 'Display Name', name as 'Name', pid as 'Process Identifer', username as 'Service Runs As', start_mode as 'Start Mode', state as 'State',
                      #Member:List:List:ServiceList.#DiscoveryResult:DiscoveryAccessResult:DiscoveryAccess:DiscoveryAccess.#Associate:Inference:InferredElement:Host.hostname as 'Hostname',
                      #Member:List:List:ServiceList.#DiscoveryResult:DiscoveryAccessResult:DiscoveryAccess:DiscoveryAccess.#Associate:Inference:InferredElement:Host.synonyms as 'Hostname Aliases',
                      #Member:List:List:ServiceList.#DiscoveryResult:DiscoveryAccessResult:DiscoveryAccess:DiscoveryAccess.#Associate:Inference:InferredElement:Host.__all_ip_addrs as 'All Ip Addrs'

                    • 7. Re: BMC Discovery : Want to know how to get hostname for Discovered process,package,Service and Package
                      Andrew Waters

                      This search has several issues.

                      The service count is wrong: it is counting the ServiceList, which will always be 1. You would need to traverse to the DiscoveredService (traverse List:List:Member:DiscoveredService) if you want the number of services.

                      The Endpoint column key expression is following the wrong relationship; it needs #Member:List:List:ServiceList.#DiscoveryResult:DiscoveryAccessResult:DiscoveryAccess:DiscoveryAccess.endpoint

                      Your hostname column does not work because you stopped at a node rather than an attribute.

                      The State column is also following the wrong relationship; it needs #Member:List:List:ServiceList.#DiscoveryResult:DiscoveryAccessResult:DiscoveryAccess:DiscoveryAccess.state

                      In general it is not a good idea to use where *, as this needs to check all attributes.

                      This is going to return all DiscoveredService nodes for all scans, so you are mixing old and new scans in your results. Hence, if the service is removed from a Host you will not immediately be able to tell.

                      1 of 1 people found this helpful
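
Added example, not part of the original thread: the query from reply 6 with the column corrections from reply 7 applied, and the `where *` match replaced by the exact service name used in reply 1. The chained traversal inside `nodecount` follows reply 7's description and its exact syntax is an assumption; the 'Service Count' and 'Scan State' aliases are chosen here. As reply 7 notes, this still returns DiscoveredService nodes from all scans, not only the latest one.

```text
search DiscoveredService where name = 'CSFalconService'
show
  name as 'Name',
  display_name as 'Display Name',
  state as 'State',
  start_mode as 'Start Mode',
  username as 'Service Runs As',
  cmdline as 'Cmdline',
  pid as 'Process Identifier',
  #Member:List:List:ServiceList.discovery_method as 'Discovery Method',
  nodecount(traverse Member:List:List:ServiceList traverse List:List:Member:DiscoveredService) as 'Service Count',
  #Member:List:List:ServiceList.#DiscoveryResult:DiscoveryAccessResult:DiscoveryAccess:DiscoveryAccess.device_summary as 'Device Summary',
  #Member:List:List:ServiceList.#DiscoveryResult:DiscoveryAccessResult:DiscoveryAccess:DiscoveryAccess.endpoint as 'Endpoint',
  #Member:List:List:ServiceList.#DiscoveryResult:DiscoveryAccessResult:DiscoveryAccess:DiscoveryAccess.state as 'Scan State',
  #Member:List:List:ServiceList.#DiscoveryResult:DiscoveryAccessResult:DiscoveryAccess:DiscoveryAccess.#Associate:Inference:InferredElement:Host.hostname as 'Hostname',
  #Member:List:List:ServiceList.#DiscoveryResult:DiscoveryAccessResult:DiscoveryAccess:DiscoveryAccess.#Associate:Inference:InferredElement:Host.__all_ip_addrs as 'All Ip Addrs'
```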