For a SAM use case, use ACC-V to read the apps installed by on a Windows machine via Microsoft Store

During a POC there was a desire to include the apps installed by on a Windows machine via Microsoft Apps Store. This way the Software asset management team can see what was installed via the Apps store.

The code works but lease consider the code Proof Of Concept quality.

For completeness code to remove apps from the SAM table if a certain App no longer is installed may have to be added to stay correct over time.

Based on this template "Build your own ACC-V Inventory module (Check Definition)" so for detailed instructions read that one first.

The check parameters in the check definition used:

/*******
*
*  Retrieve Windows Features from ACC OS Query 
*  https://github.com/osquery/osquery/blob/master/specs/windows/windows_optional_features.table
*  Return a list of installed features 
*  Table populated: cmdb_sam_sw_install
*  v 0.1 Remco Lengers 
*
********/
gs.info("OSQUERY-OBJ:" +  JSON.stringify(checkResults));

for (var index = 0; index < checkResults.length; index++) {
    var check  = checkResults[index]["check"];
    if (check) {

        // Cycle through JSON list gotten from OS Query
        // [
        // {"caption":"Microsoft-Windows-Server-Core-Package-DisplayName","name":"Server-Core"},
        // {"caption":".NET Framework 4.8 Features","name":"NetFx4ServerFeatures"},
        // {"caption":".NET Framework 4.8","name":"NetFx4"}
        // ]        

        //Get CI object
        var ci = new GlideRecord("cmdb_ci_win_server");
        ci.get('sys_id', check.ci_id);

        //Get SAM table

        if (ci.name) {
            var out = JSON.stringify(check["output"]);
            //gs.info("OSQUERY-I-OK CI found: " + ci.name);
            var outObj = JSON.parse(out);
            var Newoutput =JSON.parse(outObj);
            //gs.info("OSQUERY-I-OK Output length: " + Newoutput.length );

            for (i = 0; i < Newoutput.length; i++) {

                //gs.info("OSQUERY-I-OK Output length: " + Newoutput.length );
                var caption_out = Newoutput[i].caption;
                var name_out = Newoutput[i].name;
                //gs.info("OSQUERY-I-OK Output caption,name,ci: " + caption_out + "," + name_out + "," + ci.name);

                // Build query to check if record already exists for this CI
                var gr = new GlideRecord('cmdb_sam_sw_install');
                gr.addQuery('installed_on', ci.sys_id);
                gr.addQuery('display_name', name_out);
                gr.addQuery('version', caption_out);
                gr.query();
                gs.log('OSQUERY-I-OK Occurrences count: ' + gr.getRowCount());
                if (gr.getRowCount() < 1){
                    // If less then 1 occurence then insert the record
                    var sam_insert = new GlideRecord("cmdb_sam_sw_install");
                    sam_insert.setValue("installed_on", ci.sys_id);
                    sam_insert.setValue("display_name", name_out);
                    sam_insert.setValue("version", caption_out);
                    sam_insert.update();
                }
            }

        } else {
            gs.error("OSQUERY-E-NOCI CI not found"  + check.client);    
        }
    } else {
        gs.error("OSQUERY-E-Empty no check result found");  
    }
}

Labels: