Discovery Agent Client Collector - Grabbing Specific Registry Entry
01-07-2025 11:53 AM
We are currently grabbing a registry entry and updating a custom field on PCs using Discovery and a script within the Windows - OS Information sensor, which is part of the Windows - OS Information Discovery Probe.
How can we do the same with Discovery Agent Client Collector? How can you target a specific registry entry within a Check Definition or Policy and have it pull that data for a PC? Or even if you can update the "Enhanced Discovery" definition/policy to pull it, that would be fine as well.
This is the script used to grab the registry key within the Windows - OS Information sensor, if it helps:
// This code is to grab the registry key guid for Immunet Protect (AMP)
// Reference: https://community.servicenow.com/community?id=community_question&sys_id=14540369dbd8dbc01dcaf3231f961923&view_source=searchResult
// NOTE: Add Registry Key location to WMI Fields in the Discovery Probe: Windows - OS Information. That probe needs the registry key so the below sensor code will work.
var regKey = "HKEY_LOCAL_MACHINE.SOFTWARE.Immunet Protect"; // need dots between the levels.
var node = g_disco_functions.findRegistryNode(result.Registry, regKey);
var guidValue = g_disco_functions.findNodeValueWithAttribute(node, "guid");
current.u_cisco_secure_endpoint = guidValue;
Please mark this response as correct and/or helpful if it assisted you with your question.
Steven
01-08-2025 08:16 PM
@Steven Parker: prefer your own check definition and policy, and keep the enhanced discovery OOTB so that it doesn't conflict with ACC upgrades. You can retrieve data points from the registry using osquery; if the syntax is too complex, you may want to put it in a PS script. There is step-by-step material in the articles and webinars from KB1122613.
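An osquery query for the value read by the sensor script in the first post, as an added example that is not part of the thread or of ServiceNow's own content. It assumes `guid` is a value name directly under the key, adds the `WOW6432Node` path in case the product writes to the 32-bit registry view, and the alias `secure_endpoint_guid` is a hypothetical name chosen here.

```sql
-- Added example (not from the thread): read the Immunet Protect "guid"
-- registry value with osquery's built-in `registry` table on Windows.
-- Assumption: "guid" is a value name directly under the key.
-- Note: osquery paths use backslashes, not the dotted form used by
-- the Discovery sensor script.

-- Native (64-bit) registry view
SELECT
  key,                           -- parent key that matched
  name,                          -- value name as stored in the registry
  type,                          -- registry type, e.g. REG_SZ
  data AS secure_endpoint_guid,  -- hypothetical alias for the value data
  mtime                          -- last write time of the key
FROM registry
WHERE key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Immunet Protect'
  AND lower(name) = 'guid'       -- registry value names are case-insensitive

UNION ALL

-- 32-bit registry view (assumption: queried in case the value lives here)
SELECT
  key,
  name,
  type,
  data AS secure_endpoint_guid,
  mtime
FROM registry
WHERE key = 'HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Immunet Protect'
  AND lower(name) = 'guid';
```

Running the same statement in `osqueryi` on an affected PC shows which of the two paths, if either, returns a row.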
02-03-2025 11:14 AM
In the TestCheck - OSQuery [Windows] check definition, I built my own OSquery to test. It's working and pulling the data from the registry.
My confusion now comes with how do I get this data into a field in the CMDB on a record?
Do I have to build a check definition and then a policy for it? But I still don't know how this data gets into the "secure_endpont_guid" field in the CMDB for a computer.
Steven
05-12-2025 04:39 AM
Hi Steven,
I'm curious what your check parameter definition looks like.
When I try to get data from the registry I only get an empty output.