Clean-up Inventory and add rest of analyses

Author: strawgate

Analyses/Applications - Audit Usage - Windows.bes

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
+	<Analysis>
+		<Title>Applications - Java - Windows</Title>
+		<Description>Information about Java </Description>
+		<Relevance>true</Relevance>
+		<Source>Internal</Source>
+		<SourceReleaseDate>2016-04-12</SourceReleaseDate>
+		<MIMEField>
+			<Name>x-fixlet-modification-time</Name>
+			<Value>Mon, 25 Apr 2016 01:43:51 +0000</Value>
+		</MIMEField>
+		<Domain>BESC</Domain>
+		<Property Name="Java - Installed - Windows (x86)" ID="1">values "DisplayName" of (keys whose (value "DisplayName" of it as string starts with "Java") of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of ( x32 registry)) as string</Property>
+		<Property Name="Java - Installed - Windows (x64)" ID="2">if (x64 of operating system) then (values "DisplayName" of (keys whose (value "DisplayName" of it as string starts with "Java") of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of ( x64 registry)) as string) else ("N/A (not 64-bit)")</Property>
+		<Property Name="Java - Config - exceptions.sites - Windows" ID="3">unique values of (it as string) of lines of files "exception.sites" of folders "AppData\LocalLow\Sun\Java\Deployment\security" of folders whose(exists folders "AppData\LocalLow\Sun\Java\Deployment\security" of it) of folder "C:\Users"</Property>
+	</Analysis>
+</BES>
+

Analyses/Applications - Gather Usage - Windows.bes

@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
+	<Analysis>
+		<Title>Applications - Universal</Title>
+		<Description>Application Inventory</Description>
+		<Relevance>true</Relevance>
+		<Source>Internal</Source>
+		<SourceReleaseDate>2016-03-30</SourceReleaseDate>
+		<MIMEField>
+			<Name>x-fixlet-modification-time</Name>
+			<Value>Mon, 25 Apr 2016 02:26:28 +0000</Value>
+		</MIMEField>
+		<Domain>BESC</Domain>
+		<Property Name="Applications - Currently Running - Universal" ID="1">running applications</Property>
+		<Property Name="Applications - Registered Applications - Universal" ID="2" EvaluationPeriod="PT1H">regapps</Property>
+		<Property Name="Applications - Installed - Windows" ID="4" EvaluationPeriod="P1D">unique values of (it as string) of (value "DisplayName" of it as string as trimmed string, (value "DisplayVersion" of it as string | "None")) of keys whose (exists value "DisplayName" of it) of keys "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall" of (if x64 of operating system then (x64 registry;x32 registry) else x32 registry)</Property>
+		<Property Name="Applications - Uninstall Strings - Windows" ID="5" EvaluationPeriod="P2D">(value "DisplayName" of it as string | "N\A", value "UninstallString" of it as string | "N\A") of (keys of keys "HKLM\software\microsoft\windows\currentversion\uninstall" of ( x32 registry; (if exists x64 registry then x64 registry else nothing) )) whose ((exists (it) and it as string does not contain "Oarpmany.exe") of value "UninstallString" of it)</Property>
+		<Property Name="Applications - Silent Uninstall Strings - Windows" ID="6" EvaluationPeriod="P2D">(value "DisplayName" of it as string | "N\A", value "QuietUninstallString" of it as string | "N\A") of (keys of keys "HKLM\software\microsoft\windows\currentversion\uninstall" of ( x32 registry; (if exists x64 registry then x64 registry else nothing) )) whose ((exists (it) and it as string does not contain "Oarpmany.exe") of value "QuietUninstallString" of it)</Property>
+	</Analysis>
+</BES>
+

Analyses/Applications - Java - Windows.bes

@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
+	<Analysis>
+		<Title>Drivers - Windows</Title>
+		<Description>This analysis covers the action that Windows takes when loading drivers with invalid or missing digital signatures as well as the install printer drivers on the system.</Description>
+		<Relevance><![CDATA[windows of operating system and version of operating system >= "5.1"]]></Relevance>
+		<Relevance>not in proxy agent context</Relevance>
+		<Source>Internal</Source>
+		<SourceReleaseDate>2016-04-23</SourceReleaseDate>
+		<MIMEField>
+			<Name>x-fixlet-modification-time</Name>
+			<Value>Sun, 24 Apr 2016 20:13:38 +0000</Value>
+		</MIMEField>
+		<Domain>BESC</Domain>
+		<Property Name="Drivers - Behavior on Signature Failure - Windows" ID="1">(if (it = "00") then ("Ignore") else (if (it = "01") then "Warn" else "Block")) of (value "Policy" of key "HKEY_LOCAL_MACHINE\Software\Microsoft\Non-Driver Signing" of native registry as string)</Property>
+		<Property Name="Drivers - Printers - Windows" ID="3">unique values of names of keys of keys of keys "Drivers" of keys of key "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Environments" of native registry</Property>
+		<Property Name="Drivers - Printers with Versions - Windows" ID="4">(names of it, value "DriverVersion" of it as string) of keys of keys of keys "Drivers" of keys of key "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Environments" of native registry</Property>
+	</Analysis>
+</BES>
+

Analyses/Applications - Universal.bes

@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
+	<Analysis>
+		<Title>Event Log - Windows</Title>
+		<Description><![CDATA[Learn more about this analysis online: <A href="http://bigfix.me/cdb/analysis/2995921">http://bigfix.me/cdb/analysis/2995921</A><BR><BR>Pulls the maximum size of various event logs from the Windows Registry and formats them as megabytes ]]></Description>
+		<Relevance><![CDATA[windows of operating system and version of operating system >= "6.0"]]></Relevance>
+		<MIMEField>
+			<Name>bigfixme-added-time</Name>
+			<Value>Wed, 13 Apr 2016 22:23:53 GMT</Value>
+		</MIMEField>
+		<MIMEField>
+			<Name>bigfixme-modification-time</Name>
+			<Value>Wed, 13 Apr 2016 22:23:53 GMT</Value>
+		</MIMEField>
+		<MIMEField>
+			<Name>bigfixme-keywords</Name>
+			<Value>Poor Man's Inventory</Value>
+		</MIMEField>
+		<MIMEField>
+			<Name>bigfixme-ID</Name>
+			<Value>2995921</Value>
+		</MIMEField>
+		<MIMEField>
+			<Name>x-fixlet-modification-time</Name>
+			<Value>Sun, 24 Apr 2016 20:14:52 +0000</Value>
+		</MIMEField>
+		<Domain>BESC</Domain>
+		<Property Name="Event Log - Security Max Size (MB) - Windows" ID="1">(value "MaxSize" of key "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\Security" of registry) as string as integer / 1024 / 1024</Property>
+		<Property Name="Event Log - Hardware Events Max Size (MB) - Windows" ID="2">(value "MaxSize" of key "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\HardwareEvents" of registry) as string as integer / 1024 / 1024</Property>
+		<Property Name="Event Log - Key Management Service Max Size (MB) - Windows" ID="4">(value "MaxSize" of key "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\Key Management Service" of registry) as string as integer / 1024 / 1024</Property>
+		<Property Name="Event Log - System Max Size (MB) - Windows" ID="5">(value "MaxSize" of key "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\System" of registry) as string as integer / 1024 / 1024</Property>
+		<Property Name="Event Log - Powershell - Max Size (MB) - Windows" ID="6">(value "MaxSize" of key "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\Windows PowerShell" of registry) as string as integer / 1024 / 1024</Property>
+	</Analysis>
+</BES>
+