How can I see what detection rule logic is being used in SQL
search cancel

How can I see what detection rule logic is being used in SQL

book

Article ID: 217675

calendar_today

Updated On:

Products

IT Management Suite Software Management Solution Inventory Solution

Issue/Introduction

You would like to know what table in the Symantec_CMDB database holds information on the logic used in your detection rules used for managed software delivery policies.

Environment

ITMS 8.x

Cause

N/A

Resolution

The data for the logic inside the detection rules are located in the Inv_Inventory_Rule table, specifically inside the InventoryRuleXml column.  You can see what this looks like by running the following SQL query against a GUID  of your inventory rule:

select cast(InventoryRuleXml as xml) 
from Inv_Inventory_Rule
where _ResourceGuid = 'B8448E86-0F00-4ACB-B869-1ACD7C4A99EE'

When viewing the results you will notice the XML looks as follows:

<ruleset type="Smart">
  <Prereqs />
  <and>
    <rule engine="{dc9b3e4c-7273-4e88-981a-f27826ce8aee}">
      <detection version="7.0" legacy62RuleProvider="standard">
        <installed>
          <expression>
            <fileVersion versionStatus="SAME" x64="true">
              <filePath name="Notepad++">
                <path>C:\Program Files\</path>
              </filePath>
              <version>7.8.6.0</version>
              <versionLower />
            </fileVersion>
          </expression>
        </installed>
      </detection>
    </rule>
  </and>
</ruleset>