Anyone able to fetch 'Assigned to' attribute using ACC-V

Go to solution
pratik0306
Tera Guru

‎02-20-2024 08:37 AM

Hi All,

 

Anyone able to fetch 'Assigned to' attribute using ACC-V approach? I see that this feature has been made available and it requres system property to be enabled plus local admin access for the user on the system where agent is deployed.

 

Would like to know if anyone has done it successfully.

0 Helpfuls
  • 1,208 Views
1 ACCEPTED SOLUTION

Go to solution
pratik0306
Tera Guru
In response to MDAQUIBK

‎09-12-2024 06:07 AM

Hi @MDAQUIBK ,

 

You need to enable the system property which James mentioned here in thread and also the agent should be running under System user istself and not as a service account. So if you are deploying the agent from third party then make sure u pass the option for LOCALUSERNAME=System so that post install it doesnt run under any other user

View solution in original post

10 REPLIES 10

Go to solution
pratik0306
Tera Guru
In response to MDAQUIBK

‎09-12-2024 06:07 AM

Hi @MDAQUIBK ,

 

You need to enable the system property which James mentioned here in thread and also the agent should be running under System user istself and not as a service account. So if you are deploying the agent from third party then make sure u pass the option for LOCALUSERNAME=System so that post install it doesnt run under any other user

Go to solution
James Hammond
Giga Guru

‎09-05-2024 06:15 AM

@pratik0306& @MDAQUIBK 
The docs site has an article that shows how to pull the information, using System Properties on your instance

Populating Assigned To attribute in Computer CI for ACC-V 

 

If this isn't working, let us know on the thread

 

Regards

James

Go to solution
Doci1
Kilo Sage

‎09-13-2024 12:03 AM

I would start with default check definiton "TestCheck - OSQuery [Windows]", there is a parameter "5. SELECT * FROM logged_in_users JOIN users WHERE users.type = 'local' OR users.type = 'roaming'"

 

Run it against several target devices and if it is what you want, create simple check with plugin osquery and process the result for IRE. 

Doci1_0-1726211026298.png

 

0 Helpfuls

Go to solution
MDAQUIBK
Tera Contributor
In response to Doci1

‎09-17-2024 10:03 AM

Hi @Doci1 ,

 

I tried to test the check definition using test check related links but no luck . Could you please help me ?

Do we need any specific role or user access to test the osquery?

Please find the screenshot below of the error message:

MDAQUIBK_0-1726592242679.pngMDAQUIBK_1-1726592370545.png

 

 

0 Helpfuls

Go to solution
Doci1
Kilo Sage
In response to MDAQUIBK

‎09-18-2024 01:42 AM

Interesting, our ACCs are running under SYSTEM and yes, if I run that Test check, it gives me a valid result. Do a print screen of the whole test check.

0 Helpfuls