• Loading...
This documentation refers to a previously released version of BMC Atrium Discovery (other versions).

Manual Pattern Execution

Skip to end of metadata
Go to start of metadata
Space Search

Searching TWF 7.3

Table of Contents

Patterns are generally triggered on specific events or changes that occur in the course of a discovery run. Sometimes you may want to run a pattern outside a discovery run, for example, you may be developing patterns against already scanned hosts. This can be achieved by running a pattern against the nodes contained in a Group.

Selecting Hosts or Other Nodes

You can select hosts or other nodes by adding them to a group.

  1. Either:
    • From a view node (including host) page – from the Actions drop-down, select Groups and add the node to a group.
    • From a report or other search result – select the required items, then from the Actions drop-down, select Groups and add the nodes to a group.

Node Types Against Which Patterns can be Run

You should add nodes to your group of the kind that the pattern triggers on. For example, if the pattern triggers on a DiscoveredProcess, then you should add DiscoveredProcess nodes. However, the system is able to expand Host nodes in an intelligent fashion such that it is possible, for example, to simply add a host even though the pattern requires a DiscoveredProcess.

The following table defines the complete set of traversals used to expand from Host nodes to other node kinds. Where more than one traversal is shown, the traversal steps are followed one after the other.

Required Traversal(s)
DiscoveredProcess
  • InferredElement:Inference:
       Primary:DeviceInfo
  • DiscoveryResult:DiscoveryAccessResult:
       DiscoveryAccess:DiscoveryAccess
  • DiscoveryAccess:DiscoveryAccessResult:
       DiscoveryResult:ProcessList
  • List:List:Member:DiscoveredProcess
DiscoveredListeningPort
  • InferredElement:Inference:
       Primary:DeviceInfo
  • DiscoveryResult:DiscoveryAccessResult:
       DiscoveryAccess:DiscoveryAccess
  • DiscoveryAccess:DiscoveryAccessResult:
       DiscoveryResult:NetworkConnectionList
  • List:List:
       Member:DiscoveredListeningPort
SoftwareInstance
  • Host:HostedSoftware:
       RunningSoftware:SoftwareInstance
BusinessApplicationInstance
  • Host:HostedSoftware:
       RunningSoftware:BusinessApplicationInstance
DeviceInfo
  • InferredElement:Inference:
       Primary:DeviceInfo
HostInfo
  • InferredElement:Inference:
       Primary:HostInfo
Cluster
  • ContainedHost:HostContainment:
       HostContainer:Cluster
HostContainer
  • ContainedHost:HostContainment:
       HostContainer:HostContainer

Running Patterns

To run a pattern against a group, navigate to the View Pattern page of the pattern you wish to run. To do this:

  1. From the Discovery tab, click the Pattern Management button. The Pattern Management: Browse Packages page is displayed.

  2. Click the Package containing the pattern you want to run from the package list. The Pattern Package page is displayed.

  3. Click the Pattern Modules link. The Pattern Module List page is displayed.

  4. Select the Pattern Module containing the pattern that you want to run. The Pattern Module page is displayed.

  5. From this page you can edit the pattern source or configuration if necessary. Editing the pattern is described in Pattern Configuration and Editing.
    Click this link to continue this procedure after editing the pattern.
    1. Once the pattern is edited, you are returned to the Pattern Management: Browse Packages page.
    2. Select the Package containing the pattern you want to run from the package list. The Pattern Package page is displayed.

    3. Click the Pattern Modules link. The Pattern Module List page is displayed.

    4. Click the Pattern Package link. The Pattern Module page is displayed.

  6. Click the Pattern link in the heading table. The Pattern page is displayed.

  7. From the Actions drop down, select Run Pattern. The Run this Pattern window is displayed.

    Select the Group that you want to run the pattern against using the Run against Group drop down. Then choose the settings for the pattern run. Set Expand, Execution Logging, and Additional Discovery. The settings are described in the table below.
    Field Description
    Run against Group Provides the drop down to select the group to run the pattern against. If you don't have any Working Sets then the checkbox for showing only Working Sets will be disabled. If you do have at least one working set then deselecting this checkbox enables you to choose Groups which are not in your working set. The text beneath shows the number of nodes in the group that are the correct node kind to match the pattern's trigger. If the group contains a host node, select the Expand checkbox to check the host for additional nodes that match the pattern's trigger.
    For example, the ApacheBasedWebserver pattern triggers on DiscoveredProcess nodes. If the group contains one DiscoveredProcess node and one host node (containing, 162 DiscoveredProcess nodes) this field shows 1 Discovered Process node if Expand is not checked and 163 Discovered Process nodes (including 162 via 1 Host node) if it is checked.
    Execution Logging Select the logging level for this pattern run. This is one of Debug, Info, Warning, Error, or Critical.
    Additional Discovery Choose whether discovery commands which perform additional discovery such as getFile or runCommand should perform live discovery of the host.
    Do not get extra data – Use any existing data that is available on the appliance.
    Get data as needed – Use any existing data that is available on the appliance. If additional data is required, perform discovery on the target to obtain it. Get data as needed will only make a request if that request has not been made before.
    Get all new discovery data – Always perform a new discovery. Do not use any previously discovered data.
  8. While the pattern is running, the results page is displayed.
Labels:
None
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.