ITOM Discovery | MS Windows Patch Level

claudio_palmeri · ‎04-09-2024

Hi Community,

We have started playing with Agent Client Collector for Visibility (ACC-V) to bring in endpoint information into ServiceNow and CMDB. The discovery is pretty smooth and brings in all the information that we need, except for the patch level.

I have seen a Knowledge Base article that somewhat talks about this topic, but it is very focussed on Service Packs: https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0870914.

In our environment, we don't install Service Packs, as such, but rather incremental patches and fixes as they are made available by Microsoft - I have confirmed that the CSDVersion attribute in MS Windows is NULL.

The net result is that the 'OS Version' and 'OS Service Pack' attributes only provide partial information on the level of patching of the endpoint.

See screenshots from MS Windows versus what ServiceNow shows.

What can we do to augment the discovery with the appropriate level of patching? In the example from the screenshots, it should ideally say 10.0.19045.4170 and not just 10.0.19045.

Thank you!

Severin Launiau · ‎04-17-2024

@claudio_palmeri: ACC extracts most of the data points from osquery, which is bundled with the agent as a plugin. If you need additional data points such as the patch level, you can create your own check definition and retrieve the patch level information as well. I just had a quick look at the "os_version" table in osquery, and it seems the patch and build attributes could help you, see the osquery schema.

From there, you have quite a few options to get it into your CDMB. You can watch the webinar on how to extend ACC capabilities, see KB1122613 as well as the blog posts referenced in there. You may also want to enable Field Normalization and set up some reconciliation rules if you've enabled Multisource CMDB.