CA Client Automation - 14.0

PDF
English

Additional Information on Intellisig

cla140
Contents
Certificate Used for Integrity Checking of Intellisig
CA Client Automation
 associates an encrypted hash with each script in the database for maintaining the integrity of an Intellisig. The Agent verifies the hashes and then executes each Intellisig. If a hash fails verification, the Agent declines to run the Intellisig. The Agent sends a message to the GUI. The message indicates the verification error and the details of the specific Intellisig that failed the integrity verifications.
The hash is encrypted using the certificate x509cert://dsm r11/cn=manager signer, o=computer associates, c=us tagged with ManagerSigner. If you use custom x509 certificates, Intellisig automatically use the custom certificate for encryption.
Detect Software on a 64-bit OS Using Both 32-bit and 64-bit Registry
You can specify the architecture value of a registry while creating custom traditional signatures in DSM Explorer for both registry and file entries. The specified value verifies that a binary is built for the specified Windows architecture.
Follow these steps:
  1. Navigate to
    DSM Explorer
    ,
    Software
    ,
    Definitions
    ,
    software category
    ,
    Release of
    software category
    ,
    Properties
    ,
    Recognition
    ,
    Advanced
    , and
    Registry
    .
  2. Select one of the following values in the Architecture drop-down box for a 64-bit OS:
    • 32
      A search in the 32-bit registry hives is triggered.
    • 64
      A search in the 64-bit registry hives is triggered.
If you change the OS group type to UNIX, the Architecture drop-down box is disabled.
Set Default Timeout for Intellisig
The default timeout of Intellisig ensures that faulty Intellisig do not run indefinitely on a computer. You can define a default timeout value for all the Intellisig scripts. The value can be defined for the scripts that are executed on a computer or for a specific Intellisig. You can apply a longer default time to Agents where the load is high. For example, database servers, and where Intellisig require extra time to complete. For desktop computers, where the load is low, you can configure a lower timeout value.
Follow these steps:
  1. Navigate to
    DSM
    ,
    Agent
    , and
    Asset Management
    .
  2. Define a value for the following parameter:
    • IntellisigDefaultExecutionTimeout
      This parameter specifies the default timeout value in minutes.
      Default:
       5
When you create an Intellisig, set timeout value to default. This action ensures that the Agent applies the configured default timeout. If the Intellisig has a timeout value greater than zero, the specified value is enforced when the Intellisig is run.
intellisigcmd - Command Line Tool
intellisigcmd is a command-line tool for Intellisig. This tool has the following format:
intellisigcmd <cmd> param1=value1 param2=value2 ... [<DB_Credentials>]
  • cmd
    This argument specifies the import, export, or genuuid command.
  • DB_credentials
    This argument specifies the database credentials of the MDB. By default, the credentials are retrieved from the comstore.
    Use the following sample format to specify the DB credentials:
    • Example: SQLServer DB Credentials
    dbvendor=mssql dbhost=myhost dbname=mdb dbuser=ca_itrm dbpassword=mypwd dbinstance=inst
dbvendor=oracle dbhost=myhost dbname=orcl dbuser=ca_itrm dbpassword=mypwd dbinstance=1521
    • Example: Oracle DB Credentials
intellisigcmd export -- Export Intellisig
The intellisigcmd export command lets you export Intellisig. You can either use the DSM Explorer or the command to export Intellisig.
Command format:
intellisigcmd export file=<export name> [type=xml|zip] [platform=all|windows|unix]
  • export name
    This argument specifies the name of the Intellisig XML or zip file that you want to export. If you do not provide the file extension, and the type is xml, the command creates a folder with the given name.
  • type
    This argument specifies whether you want to export an XML or zip file. If you do not include the type parameter, the command assumes the export type depending on the export file extension.
    Valid values:
    Xml, zip
  • platform
    This argument specifies the platform for determining which Intellisig is exported.
    Valid values:
     All, Windows, and Unix
    Default:
     All
intellisigcmd import -- Import Intellisig
The intellisigcmd import command lets you import Intellisig. You can either use the DSM Explorer or the command.
Command format:
intellisigcmd import [file=<import source>] [type=xml|zip] [mode=replace|mergenew|mergeall] [updateactive=yes|no] [delete=yes|no]
  • import source
    This argument specifies the name of the XML or zip file to which you want to import the Intellisig. If you do not provide the file extension, the command assumes the file extension depending on the type.
    To import to an XML file, ensure the supporting directories and the XML file exist in the same folder.
  • type
    This argument specifies whether you want to import as XML or zip files. If you do not include this parameter, the command assumes the import type depending on the import file extension.
    Valid values:
     Xml, zip
  • mode
    This argument specifies the import mode. Following import modes are supported:
    Default:
     mergenew
    • replace
      This mode replaces existing definitions with the definition being imported. Existing definitions are lost.
    • mergenew
      This mode appends new Intellisig versions to the definitions on the Manager. Existing definitions are not modified.
    • mergeall
      This mode appends new Intellisig versions and updates the existing definitions that are included in the import file. Intellisig versions that are undefined in the import files are not modified.
  • updateactive
    This argument specifies whether active Intellisig versions can be updated during the import.
    Valid values:
     Yes, Y, true, 1 or No, N, false, 0
    Default:
     Yes
  • delete
    This argument specifies whether you want to delete Intellisig before the import. If you do not include the delete switch, none of the Intellisig is deleted before import.
    Default:
     No
intellisigcmd genuuid -- Generate UUIDs
The intellisigcmd genuuid command lets you generate unique UUIDs which you can use when creating custom Intellisig.
Command format:
intellisigcmd genuuid [num=<count>]
  • num
    This argument specifies the number of UUIDs to be generated. If you do not specify this parameter, a single UUID is generated. Otherwise, <count> UUIDs are generated.
    Valid Values:
     1 to 1000