OpenNAC Agent Parser¶
Computer information sent by openNAC Agent is processed in openNAC Core. Some information is automatically saved in the user device using tags. The rest data could be manually processed using openNAC Agent Parsers.
openNAC Agent sends the data using XML Format. The following lines show the minimal structure of a “Full” agent payload.
<REQUEST>
<CONTENT>
<ACCOUNTINFO>
<KEYNAME>TAG</KEYNAME>
<KEYVALUE>e386aa0124086d1d7bff9623514d454f</KEYVALUE>
</ACCOUNTINFO>
<OPENNAC>
<TYPE>service</TYPE>
<VPNVERSION>0</VPNVERSION>
<PLATFORM>Windows</PLATFORM>
<VERSION>1.0.8267</VERSION>
<MONITOR_TYPE>Pipe</MONITOR_TYPE>
<UID>D6B26487A0AB</UID>
</OPENNAC>
<SECURITYCENTER>
<CATEGORY>Firewall</CATEGORY>
<DOMAIN>1</DOMAIN>
<PUBLIC>1</PUBLIC>
<STANDARD>1</STANDARD>
<SC_ENABLED>1</SC_ENABLED>
<SCV>0</SCV>
<COMPANY></COMPANY>
<PRODUCT></PRODUCT>
<VERSION>0</VERSION>
<ENABLED>1</ENABLED>
<UPTODATE>1</UPTODATE>
</SECURITYCENTER>
<SECURITYCENTER>
<CATEGORY>Antivirus</CATEGORY>
<SC_ENABLED>1</SC_ENABLED>
<SCV>0</SCV>
<COMPANY></COMPANY>
<PRODUCT></PRODUCT>
<VERSION>0</VERSION>
<ENABLED>0</ENABLED>
<UPTODATE>0</UPTODATE>
</SECURITYCENTER>
<NETWORKS>
<NAME>Local Area Connection 4</NAME>
<DESCRIPTION>Intel(R) PRO/1000 MT Network Connection 3</DESCRIPTION>
<DHCP_ENABLED>1</DHCP_ENABLED>
<GATEWAY>10.10.36.254</GATEWAY>
<TYPE>6</TYPE>
<OPER_STATUS>1</OPER_STATUS>
<MACADDR>D6:B2:64:87:A0:AB</MACADDR>
<IPADDRESS>10.10.36.114</IPADDRESS>
</NETWORKS>
<HARDWARE>
<UNIQUE_ID>3e9e679d-bb1a-487a-aded-cacad9036295</UNIQUE_ID>
<NAME>STD7-V01-QA</NAME>
<OSNAME>Windows 7 Professional N</OSNAME>
<OSVERSION>6.1</OSVERSION>
<RELEASE_ID></RELEASE_ID>
<ARCH>x64</ARCH>
<OS_VOLUME>C:</OS_VOLUME>
<SERIAL_NUMBER>2986857667</SERIAL_NUMBER>
<BIT_LOCKER>0</BIT_LOCKER>
<HYPERVISOR>Microsoft Hv</HYPERVISOR>
<OS_VM>1</OS_VM>
</HARDWARE>
<USER_ACTIVE>
<NAME>user99</NAME>
</USER_ACTIVE>
<PROCESS>
<NAME>System Process</NAME>
<ID>0</ID>
<PARENTID>0</PARENTID>
<THREADCOUNT>2</THREADCOUNT>
<MEMORY>0</MEMORY>
</PROCESS>
<SOFTWARES>
<UPDATE>0</UPDATE>
<NAME>AX88179_AX88178A Windows 7 Drivers v1.x.11.0</NAME>
<VERSION>3.0.5.0</VERSION>
<PUBLISHER>ASIX Electronics Corporation</PUBLISHER>
<INSTALLDATE>1/4/2018</INSTALLDATE>
</SOFTWARES>
<WIFI>
<INTERFACE_GUID>9A25CE05-69BD-4275-BF0A-87378C1F09CE</INTERFACE_GUID>
<INTERFACE_DESCRIPTION>Intel(R) Dual Band Wireless-AC 8265</INTERFACE_DESCRIPTION>
<SSID>opennac-Barcelona</SSID>
<SIGNAL_QUALITY>100</SIGNAL_QUALITY>
<SECURITY_ENABLED>1</SECURITY_ENABLED>
<SECURITY>WPA2</SECURITY>
<CONNECTABLE>1</CONNECTABLE>
<IS_CONNECTED>0</IS_CONNECTED>
</WIFI>
<BLUETOOTH>
<INSTANCE_NAME>STD7-V01-QA</INSTANCE_NAME>
<INSTANCE_ADDRESS>A0:A4:C5:68:28:BE</INSTANCE_ADDRESS>
<DEVICE_NAME>Microsoft Wedge Touch Mouse</DEVICE_NAME>
<DEVICE_ADDRESS>7C:1E:52:6B:C6:39</DEVICE_ADDRESS>
<DEVICE_CONNECTED>0</DEVICE_CONNECTED>
<DEVICE_AUTHENTICATED>1</DEVICE_AUTHENTICATED>
<DEVICE_REMEMBERED>1</DEVICE_REMEMBERED>
</BLUETOOTH>
<CERTIFICATE>
<ISSUER>Microsoft Root Certificate Authority</ISSUER>
<START_DATE>5/10/2001 1:19:22 AM</START_DATE>
<END_DATE>5/10/2021 1:28:13 AM</END_DATE>
<SUBJECT>Microsoft Root Certificate Authority</SUBJECT>
</CERTIFICATE>
<VPNCONFIG>
<vpnPublicDemoCenter.ovpn>f4ad095860233cb7c5c804256ec23b91</vpnPublicDemoCenter.ovpn>
</VPNCONFIG>
</CONTENT>
</REQUEST>
- Automatically information mapped into tags
- Security center status
- Firewall -> ISS_FW tags
- Antivirus -> ISS_AV tags
- Software
- Regular software -> IAI tags
- Windows updates -> IAI_KB tags
- Hardware
- OS Version -> ROS / VOS tags
- Architecture -> ONC_ARCH tag
- BIT_LOCKER -> ISS Tag (if activated) / NCS Tag (if NOT activated)
- OS VM -> HDT Tag
- HDT_VMGUEST (If VM)
- HDT_BAREMETAL (if Baremetal)
- WIFI
- Bluetooth Device Available -> BDA Tags
- Bluetooth Device Connected -> BDC Tags
- Bluetooth
- WIFI SSID Available -> WSA Tags
- WIFI SSID Connected -> WCS Tags
The rest of the data can be processed and mapped into tags using the openNAC Agent Parser feature by setting Paths and Rules to process XML Agent data.
openNAC Agent Parser management can be accessed under Configuration > Agent > Parser
Note
For management information review Agent Parser.
openNAC Agent Parser - Paths¶
Parser Paths are required by Parser Rules to access XML data and compare the rule configured with the content.
To manage parser paths click on Paths tab after access to Configuration > Agent > Parser
To add new path click on “Add new” button.
You only need add the path to XML key.
Like you can see in the image, a path to get networks name is being created. CONTENT > NETWORKS > NAME.
The following lines shows the XML used for this example.
<REQUEST>
<CONTENT>
........
<NETWORKS>
<NAME>Local Area Connection 4</NAME>
........
</NETWORKS>
........
</CONTENT>
</REQUEST>
Note
Keep in mind: is possible that your desired path is already created in your openNAC Core as one of the default paths
openNAC Agent Parser - Rules¶
To manage parser paths click on Rules tab after access to Configuration > Agent > Parser
Note
Parser Paths are required by Parser Rules to access XML data and compare the rule configured with the content. Check the previous section to manage parser paths.
To add new Rule click on “Add new” button.
Like you can see in the image, the path CONTENT > NETWORKS > NAME is being used to get network names and compare the values to “Local Area Connection 4”. If network name “Local Area Connection 4” is found, a tag “CDT_LOCAL_AREA_4” will be created.
The following lines shows the XML used for this example.
<REQUEST>
<CONTENT>
........
<NETWORKS>
<NAME>Local Area Connection 4</NAME>
........
</NETWORKS>
........
</CONTENT>
</REQUEST>
In the next image you will see the tag “CDT_LOCAL_AREA_4” created using the procedure explained in this example.
