secRMMCentralEvent Discovery

Squadra.secRMMCentral.Event.Discovery (Discovery)

This discovery finds computers running the secRMMCentral product by looking in the computers registry for the secRMMCentral event log entry.

Knowledge Base article:

Element properties:

Object Discovery Details:

Member Modules:

Source Code:

<Discovery ID="Squadra.secRMMCentral.Event.Discovery" Enabled="true" Target="Windows!Microsoft.Windows.Computer" ConfirmDelivery="false" Remotable="true" Priority="Normal">

  <Category>Discovery</Category>

  <DiscoveryTypes>

    <DiscoveryClass TypeID="Squadra.secRMMCentral.Event"/>

  </DiscoveryTypes>

  <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.FilteredRegistryDiscoveryProvider">

    <ComputerName>$Target/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

    <RegistryAttributeDefinitions>

      <RegistryAttributeDefinition>

        <AttributeName>secRMMCentralExists</AttributeName>

        <Path>SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\secRMMCentral</Path>

        <PathType>0</PathType>

        <AttributeType>0</AttributeType>

      </RegistryAttributeDefinition>

    </RegistryAttributeDefinitions>

    <Frequency>86400</Frequency>

    <ClassId>$MPElement[Name="Squadra.secRMMCentral.Event"]$</ClassId>

    <InstanceSettings>

      <Settings>

        <Setting>

          <Name>$MPElement[Name="Windows!Microsoft.Windows.Computer"]/PrincipalName$</Name>

          <Value>$Target/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$</Value>

        </Setting>

      </Settings>

    </InstanceSettings>

    <Expression>

      <SimpleExpression>

        <ValueExpression>

          <XPathQuery Type="Boolean">Values/secRMMCentralExists</XPathQuery>

        </ValueExpression>

        <Operator>Equal</Operator>

        <ValueExpression>

          <Value Type="Boolean">true</Value>

        </ValueExpression>

      </SimpleExpression>

    </Expression>

  </DataSource>

</Discovery>