3 Replies Latest reply on Feb 13, 2019 4:00 AM by phoffmann

    Is a wildcard entry custom data possible?

    MikeyK Apprentice

      We are looking to pull some data from registry to identify machines that was upgraded from Windows 7 to Windows 10.

       

      However they are not static registry keys. Is it possible to create custom data entries with a wild card, pulling in all wildcard entries..


      Example

      Source OS > Product name, Source OS being the wild card as their can be multiple source OS upgrades, i.e 1607, 1703, 1709, 1803 and Windows 7 etc.

       

      Thanks

        • 1. Re: Is a wildcard entry custom data possible?
          phoffmann SupportEmployee

          Short version - "no".

           

          Longer version - "Yes (sort of), with some effort - but will require some work".

           

          So for one thing, if you're using custom data a lot, you may want to have a look at this stuff -- How to create/model your own custom DB tables -- it's a *lot* to read (no need to do it in a single sitting), but it explains a *LOT* (technical, and so on) and helps cover various "trickery" / magic that you can do with custom data.

           

          Now - as for REGISTRY keys (which you use here) ... "no", you can't use wild cards for the registry paths. That COULD be a bit dangerous (keep in mind that code logic behaves "as configured" not necessarily "as intended").

           

          What I would recommend INSTEAD here, is something like this:

          • Create / define set registry keys / values for you to collect data from.
          • Have (separately) a SCRIPT (where you *CAN* do a whole butt-load of registry / logic to identify what you're really after) go & locate the data for you ... and inject it into those "set / determined" registry keys.

           

          ... that's a "much cleaner" (and safer) approach to solving this problem. It's much easier this way (as you control WHAT gets picked up -- and WHERE - in two separate things).

           

          You can even use a custom vulnerability definition (if you want to get fancy) to help locate / populate the data... (which by and large would "just" need to run the script that you've identified).

           

          Not necessary - just seeding possible ideas.

           

          Does this make sense / help you?

          • 2. Re: Is a wildcard entry custom data possible?
            MikeyK Apprentice

            Thanks mate, that answers it perfectly.

            Scripting into set registry entries sounds pretty good.

             

            Cheers

            • 3. Re: Is a wildcard entry custom data possible?
              phoffmann SupportEmployee

              Happy to help.