IBM Endpoint Manager Inspectors Reference

Terminology

Win: Windows
Lin: Red Hat and SUSE Linux
Sol: SUN Solaris
HPUX: Hewlett-Packard UNIX version
AIX: IBM AIX
Mac: Apple Macintosh
Ubu: Ubuntu/Debian
WM: Windows Mobile

The version (e.g. Lin:8.1) corresponds to the version of the IEM product (8.1) in which the inspector was introduced in the client on that platform.
The version number is not shown if it is less than 8.0.


Authorization Objects

These inspectors retrieve security and access settings.

access control list

An Access Control List, or ACL, is a list of security protections that applies to an object. An object can be a file, process, event, or anything else having a security descriptor. An entry in an access control list (ACL) is an access control entry (ACE). These Inspectors work by exposing the GetEffectiveRightsFromAcl method, as explained at the MSDN site. Note: Requires Windows XP, Windows 2000 Professional, or Windows NT Workstation 3.1 and later.

Creation Methods

| Declaration | Description | Platforms |
|---|---|---|

Properties

| Declaration | Return type | Description | Platforms |
|---|---|---|---|

access control entry

An Access Control Entry, or ACE, is an entry in an access control list (ACL). An ACE contains a set of access rights and a security identifier (SID) that identifies a trustee for whom the rights are allowed, denied, or audited.

Creation Methods

| Declaration | Description | Platforms |
|---|---|---|

Properties

| Declaration | Return type | Description | Platforms |
|---|---|---|---|

system access control list

The <system access control list> Inspectors retrieve information from the access control list that controls the generation of audit messages for attempts to access a securable object. The ability to get or set an object's SACL is controlled by a privilege typically held only by system administrators.

Creation Methods

| Declaration | Description | Platforms |
|---|---|---|

Properties

| Declaration | Return type | Description | Platforms |
|---|---|---|---|

discretionary access control list

The <discretionary access control list> Inspectors retrieve information from the access control list that is controlled by the owner of the object and specifies what kinds of access particular users or groups can have to the specified object.

Creation Methods

| Declaration | Description | Platforms |
|---|---|---|

Properties

| Declaration | Return type | Description | Platforms |
|---|---|---|---|

security account

The <security account> type serves as a base type for the "user" and "local group" types and for properties common to users and groups.

Creation Methods

| Declaration | Description | Platforms |
|---|---|---|

Properties

| Declaration | Return type | Description | Platforms |
|---|---|---|---|

security descriptor

The <security descriptor> objects are structures and associated data that contain the security information for a securable object. A security descriptor identifies the object's owner and primary group. It can also contain a DACL that controls access to the object, and a SACL that controls the logging of attempts to access the object.

Creation Methods

| Declaration | Description | Platforms |
|---|---|---|

Properties

| Declaration | Return type | Description | Platforms |
|---|---|---|---|

security identifier

A Security Identifier, or SID, is a data structure that identifies user, group, and computer accounts. Every account on a network is issued a unique SID when the account is first created. Internal processes in Windows refer to an account's SID rather than the account's user or group name.

Creation Methods

| Declaration | Description | Platforms |
|---|---|---|

Operators

| Declaration | Return type | Description | Platforms |
|---|---|---|---|

Properties

| Declaration | Return type | Description | Platforms |
|---|---|---|---|

security database

The <security database> Inspectors retrieve information from the security accounts manager (SAM) database or, in the case of domain controllers, the Active Directory. The Security database and its properties expose the NetUserModalsGet API, levels 0 and 3. For more information, see the NetUserModalsGet Function at the MSDN site: http://msdn.microsoft.com.

Creation Methods

| Declaration | Description | Platforms |
|---|---|---|

Properties

| Declaration | Return type | Description | Platforms |
|---|---|---|---|

audit policy

The <audit policy> Inspectors return the policies put in place for recording information about security-related operations on the client computer. For example, you can set a policy to monitor the modification of files. This will trigger an audit entry whenever a file is modified, showing the associated user account and the date and time of the action. You can audit both successful and failed attempts at actions. Often, the failed attempts are more interesting, as they may indicate unsuccessful attempts to subvert a policy. For instance, a successful login is not as interesting as a repeated failure might be.

Creation Methods

| Declaration | Description | Platforms |
|---|---|---|

Properties

| Declaration | Return type | Description | Platforms |
|---|---|---|---|

audit policy category

Windows audit policies, as of Vista and later, are divided into categories. Currently there are 9 categories, including System, Logon/Logoff, Object Access, Privilege Use, Detailed Tracking, Policy Change, Account Management, DS Access and Account Logon.

Creation Methods

| Declaration | Description | Platforms |
|---|---|---|

Properties

| Declaration | Return type | Description | Platforms |
|---|---|---|---|

audit policy subcategory

Windows audit policy categories, as of Vista and later, are divided into about 50 subcategories. This level of granularity is designed to narrow in on specific security-related operations on the client computer, helping to filter out the normal noise of an active environment.

Creation Methods

| Declaration | Description | Platforms |
|---|---|---|

Properties

| Declaration | Return type | Description | Platforms |
|---|---|---|---|

audit policy information

The <audit policy information> Inspectors return the two attributes of the audit policy for a given subcategory: whether or not successful operations will be audited ("audit success"), and whether or not unsuccessful operations will be audited ("audit failure").

Creation Methods

| Declaration | Description | Platforms |
|---|---|---|

Properties

| Declaration | Return type | Description | Platforms |
|---|---|---|---|

cryptography

This is a global object that has several properties that expose the state of the cryptography controls. BigFix uses cryptographic functions throughout the BigFix Platform. Every time an operator logs in to BigFix, creates a new user, starts an action or subscribes to new content, authentication and signature routines are executed using cryptographic libraries based on the FIPS 140-2 standard.

Creation Methods

| Declaration | Description | Platforms |
|---|---|---|
| cryptography | A global object that implements the FIPS 140-2 standard for secure signing and authentication throughout the BigFix application. | Win, Lin, Sol, HPUX, AIX, Mac, Ubu:8.1 |

Properties

| Declaration | Return type | Description | Platforms |
|---|---|---|---|
| desired fips mode of <cryptography> (plural: desired fips modes) | <boolean> | Returns TRUE if the application (the client, console, or web reports, depending on the context) tried to enter FIPS 140-2 compliant mode. | Win, Lin, Sol, HPUX, AIX, Mac, Ubu:8.1 |
| fips mode failure message of <cryptography> (plural: fips mode failure messages) | <string> | Returns the error message returned by the cryptographic library if the application (the client, console, or web reports, depending on the context) tried to enter FIPS 140-2 compliant mode and failed. | Win, Lin, Sol, HPUX, AIX, Mac, Ubu:8.1 |
| fips mode of <cryptography> (plural: fips modes) | <boolean> | Returns TRUE if the application (the client, console, or web reports, depending on the context) is operating in FIPS 140-2 mode (the mode provided by OpenSSL). FIPS mode limits the set of ciphers and SSL protocols that can be used in the cryptographic library. | Win, Lin, Sol, HPUX, AIX, Mac, Ubu:8.1 |

client_cryptography

The <client_cryptography> Inspectors expose cryptographic properties exclusive to the client.

Creation Methods

| Declaration | Description | Platforms |
|---|---|---|
| client cryptography | This Inspector is similar to the core cryptography object except that it returns properties exclusive to the client (whereas <cryptography> is also available in the Console/Web Reports contexts). | Win, Lin, Sol, HPUX, AIX, Mac, WM, Ubu:8.1 |

Properties

| Declaration | Return type | Description | Platforms |
|---|---|---|---|
| desired encrypt report of <client_cryptography> (plural: desired encrypt reports) | <boolean> | Returns TRUE if the client is configured to attempt to encrypt reports. | Win, Lin, Sol, HPUX, AIX, Mac, WM, Ubu:8.1 |
| encrypt report failure message of <client_cryptography> (plural: encrypt report failure messages) | <string> | If the client is not successfully encrypting reports, this Inspector returns the failure message. | Win, Lin, Sol, HPUX, AIX, Mac, WM, Ubu:8.1 |
| encrypt report of <client_cryptography> (plural: encrypt reports) | <boolean> | Returns TRUE if the client is successfully encrypting reports. | Win, Lin, Sol, HPUX, AIX, Mac, WM, Ubu:8.1 |

x509 certificate

X.509 is a public key infrastructure standard, specifying formats for public key certificates and revocations. These Inspectors interpret the certificate from a file in the PEM format. They can be used to analyze encryption credentials on decrypting relays or root servers.

Creation Methods

| Declaration | Description | Platforms |
|---|---|---|
| encryption certificate of <license> | Provides the encryption certificate that is currently active and which will be used by clients to encrypt reports. | Win, Lin, Sol, HPUX, AIX, Mac, WM, Ubu:8.1 |

Properties

| Declaration | Return type | Description | Platforms |
|---|---|---|---|
| invalid before of <x509 certificate> (plural: invalid befores) | <time> | Returns the date on which the certificate first becomes valid. This is useful for examining encryption certificates, where the 'invalid before date' is the time when the encryption credentials were generated. | Win, Lin, Sol, HPUX, AIX, Mac, WM, Ubu:8.1 |
| sha1 of <x509 certificate> (plural: sha1s) | <string> | Returns the SHA1 hash of the given certificate, which uniquely identifies it. | Win, Lin, Sol, HPUX, AIX, Mac, WM, Ubu:8.1 |

local group

The <local group> Inspectors return information on local groups as defined on the local BES Client computer using the Windows NetLocalGroupEnum API, one of the Windows Network Management functions. Local groups have names, comments, members and security IDs.

Creation Methods

| Declaration | Description | Platforms |
|---|---|---|

Properties

| Declaration | Return type | Description | Platforms |
|---|---|---|---|

local group member

The <local group member> Inspectors return information (such as security IDs) on members of local groups as defined on the local BES Client computer using the Windows NetLocalGroupEnum API, one of the Windows Network Management functions.

Creation Methods

| Declaration | Description | Platforms |
|---|---|---|

Properties

| Declaration | Return type | Description | Platforms |
|---|---|---|---|