How to Modify Software Data Collection and Filtering

Document ID : KB000036463
Last Modified Date : 14/02/2018

Introduction: 

By default, the Unicenter Asset Intelligence database management component is configured to collect data related to all software detected by both signature and heuristic Unicenter Asset Management scanning methods. Heuristic scanning, however, can generate data on many applications that might be considered "uninteresting" for analysis purposes, such as:

  • Base operating system components (for example "lilo" on Linux platforms) 

  • Applications and applets installed with the operating system (for example applications like "Windows Notepad")

Background:  

To combat this, Unicenter Asset Intelligence provides filters that can be used to exclude data related to a large number of "uninteresting" applications from the database. Data collection configuration as well as the application of filters is controlled by editing the following file:

%UAI_ENGINE_HOME%\ai_software_filters.xml. 

Consider the following sample text:

<software_filters heuristic_detected_enabled="y" signature_detected_enabled="y">
    <filter_set name="Generic" enabled="y">
      <filter criteria="like '%Driver'" enabled="y"/>
      <filter criteria="like '%Drivers'" enabled="y"/>
      <filter criteria="like '/%'" enabled="y"/>
      <filter criteria="= 'Dell ResourceCD'" enabled="y"/>
      <filter criteria="= 'Dial Analysis'" enabled="y"/>
      <filter criteria="like 'dump%'" enabled="y"/>
      <filter criteria="= 'GUI'" enabled="y"/>
      <filter criteria="like '%is not installed%'" enabled="y"/>
      <filter criteria="like '%remove%'" enabled="y"/>
      <filter criteria="like 'S3Display%'" enabled="y"/>
      <filter criteria="like 'S3Gamma%'" enabled="y"/>
      <filter criteria="like 'S3Info%'" enabled="y"/>
      <filter criteria="like 'Toshiba %'" enabled="y"/>
      <filter criteria="like '%Uninstall%'" enabled="y"/>
      <filter criteria="like '%uninstall%'" enabled="y"/>
      <filter criteria="like 'Ver%|%'" enabled="y"/>
      <filter criteria="= 'Wireless Hotkey'" enabled="y"/>
    </filter_set>
    <!-- further filter sets (for example "AIX") follow here in the full file -->
</software_filters>

This file consists of three parts which identify:

  • What type of scanning is used - heuristic, signature detected, neither or both 

  • Which groups of filters ("filter sets") will be in effect 

  • Which criteria will be used for the individual filters

Environment:  

CA Client Automation - All Versions

CA Asset Intelligence - All Versions

Instructions: 

The attributes at the highest level ("software_filters") determine which type of software definitions will be collected. In the example above, both heuristic and signature detected (also known as "file scan") definitions are enabled. This is the default. To exclude data collected through either method, change the appropriate enabled value to "n". For example:

<software_filters heuristic_detected_enabled="n" signature_detected_enabled="y"> 

Excludes data collected through heuristic scanning.

Note: Excluding both filters is not recommended. Without this data, many of the key Unicenter Asset Intelligence data views would be empty.

The filter_set name attribute provides a convenient method of organizing filters into logical groups ("filter sets") which can be enabled or disabled as a whole. A filter set does not have to be limited to a specific subset of software data. For example, filters in the "AIX" filter set are NOT applied only to software detected on systems running the "AIX" operating system. Filters will exclude software titles matching the filter criteria no matter what system the software is linked to or what operating system is employed. Changing the "enabled" attribute to "no" removes the entire filter set from consideration in the filtering process.

The filter criteria attributes within each filter set identify the criteria for filtering (excluding) software titles from Unicenter Asset Intelligence statistics. As with filter sets, individual filters can be disabled/enabled by toggling the filter's "enabled" attribute between "y" and "n".

Filter criteria must be a valid SQL condition that can be applied to the software title in an SQL "where" clause. Typically these clauses are based on equality (for example, "= 'Dell ResourceCD'") or patterns using the "like" operator (for example, "like 'S3Info%'" where "%" is the wildcard for "any string").

Although the default filters included in the file can be used as templates, it is highly recommended that the user defining the new filters have a working knowledge of SQL. As with all configuration files, you should also always create a backup copy of the original file before making any changes. All new or modified filters should also be tested in a lab environment first to ensure the expected software titles are returned and that users won't be impacted by unexpected results.

Note: Criteria based on patterns (using the "like" operator) require significantly more CPU usage and processing time than criteria based on equality (using the "=" operator). Therefore, it is recommended that you use the equality operator whenever possible.
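
One way to carry out the lab test recommended above, as an added example that is not part of the original article or the product: a Python script that reads a filter file, applies only the enabled filters in enabled filter sets to a list of software titles, and reports which titles would drop out of the inventory and why. It assumes an in-memory SQLite database as a stand-in for the product database and case-sensitive comparison; the XML excerpt, the titles and the function names are constructed for illustration.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed excerpt in the format of ai_software_filters.xml.
SAMPLE_XML = """
<software_filters heuristic_detected_enabled="y" signature_detected_enabled="y">
  <filter_set name="Generic" enabled="y">
    <filter criteria="like '%Driver'" enabled="y"/>
    <filter criteria="= 'GUI'" enabled="y"/>
    <filter criteria="like '%remove%'" enabled="y"/>
    <filter criteria="like 'Toshiba %'" enabled="n"/>
  </filter_set>
  <filter_set name="Lab" enabled="n">
    <filter criteria="like '%'" enabled="y"/>
  </filter_set>
</software_filters>
"""

# Constructed software titles standing in for a lab inventory.
SAMPLE_TITLES = ["NVIDIA Display Driver", "GUI", "Remote Desktop Manager",
                 "Acme Adware remover", "Toshiba Utilities", "Windows Notepad"]

def active_filters(xml_text):
    """Return (filter_set, criteria) pairs where both the set and the filter are enabled."""
    root = ET.fromstring(xml_text)
    return [(fs.get("name"), f.get("criteria"))
            for fs in root.iter("filter_set") if fs.get("enabled") == "y"
            for f in fs.iter("filter") if f.get("enabled") == "y"]

def preview_exclusions(xml_text, titles):
    """Map each title that would be excluded to the filters that matched it."""
    db = sqlite3.connect(":memory:")
    # Assumption: the product database compares case-sensitively.
    db.execute("PRAGMA case_sensitive_like = ON")
    db.execute("CREATE TABLE software (title TEXT)")
    db.executemany("INSERT INTO software VALUES (?)", [(t,) for t in titles])
    hits = {}
    for set_name, criteria in active_filters(xml_text):
        # The criteria is placed in the WHERE clause as-is, as the article describes,
        # so the filter file must be trusted and write-protected.
        rows = db.execute("SELECT title FROM software WHERE title " + criteria)
        for (title,) in rows:
            hits.setdefault(title, []).append(f"{set_name}: {criteria}")
    db.close()
    return hits

if __name__ == "__main__":
    for title, why in preview_exclusions(SAMPLE_XML, SAMPLE_TITLES).items():
        print(f"EXCLUDED {title!r} by {why}")
```

A broad pattern such as "like '%remove%'" also hides any unrelated title containing that substring (here the constructed "Acme Adware remover"), which is the kind of unexpected result a lab run should catch before the filter reaches production.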