Definition of Fingerprints

<< Click to Display Table of Contents >>

RayVentory Catalog > 12.6 > User Guide > Overview 

Definition of Fingerprints

RayVentory Catalog contains a database and recognition information for popular and enterprise applications. It provides a structured set of properties, enriching typical set of data found in popular CMDB databases and deployment systems (for example extra information about release dates, licenses, functions, vulnerabilities, etc.).

 

Recognition

The recognition process may be done in different ways, but most of the use cases involve direct integration capabilities in RayVentory Data Hub which contains a dedicated connector to fetch and normalize the data based on RayVentory Catalog. The other two - albeit less frequently used choices - involve command line utilities or direct calls to REST APIs provided by the tool.

 

Fingerprints

The basic recognition unit is a fingerprint. A fingerprint is a set of data that describes the software. It should consist of at least two or three properties:

 

Application name

Application version

Software manufacturer [optional for Unix packages]

 

FingerprintExample

 

For better recognition and to avoid misidentification the following extra properties can be provided:

 

Type - [integer] The type of the fingerprint (see the Fingerprint Type paragraph).

Edition - [string] The edition of the product.

Language - [string] the language of the fingerprint (see the Fingerprint Language paragraph).

LanguageCode - [integer] A 32-bit value that identifies a particular language (see the Fingerprint LanguageCode paragraph).

ProductCode - [string] The ProductCode of the product (only applies for MSI packages).

Path - [string] The path of the fingerprint (see the Fingerprint Path paragraph).

Payload - [string] The part of the transmitted data that carries the message (see Fingerprint Payload paragraph).

 

Fingerprint Type

The source of the fingerprint is stored in the Type property. It can take the integer value for the type as listed in the following table.

 

Value

Fingerprint Type

2

Registry

3

MSI

4

ARP

5

Non-Windows

6

SWID Tag

7

Operating System

8

Winget

9

File

 

Fingerprint Language

The Language property in the fingerprint object takes a string value to represent the name of the language. For example:

 

English

German

French

Spanish

Polish

 

Fingerprint LanguageCode

The LanguageCode property is an integer value that identifies a fingerprint according to the LCID (Local ID) Decimals code defined by Microsoft Windows (see the official Microsoft documentation for additional information). The table below contains a number of examples:

 

Name of the Language (in English)

LCID Decimal

English - United States

1033

English - United Kingdom

2057

German - Germany

1031

German - Austria

3079

French - France

1036

French - Belgium

2060

Spanish - Spain (Traditional Sort)

1034

Spanish - Spain (Modern Sort)

3082

Polish

1045

 

Fingerprint Path

The Path property is a string value that is mainly used for 3 types of fingerprints:

 

1.Registry (type = 2) - the location path to the Windows Registry
Example:
HKLM32\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DAB68466-3AZD-41A8-A5CF-415E3FF8EF71}

2.Winget (type = 8) - the relative path to teh package within the Winget official repository
Example:
/Google/Chrome/103.0.5060.66/

3.File (type = 9) - the file location path which includes the filename
Example:
C:\Users\{username}\AppData\Local\GoToMeeting\18962\g2mcomm.exe

 

Fingerprint Payload

The payload is the part of the transmitted data which contains the crucial information that the user provides to the server when making an API request. The payload can be sent or received in various formats including JSON. It may be a JSON object, JSON array, or any valid JSON token (see example below).

 

{

 'commitId': 'd53935606f130bc99dd8ace491a819f706076057',

 'releaseDate': '2022-02-15',

 'shortDescription': 'Open-source MSIX manager and toolkit',

 'license': 'GNU General Public License v3.0',

 'homePage': 'https://msixhero.net/',

 'packageFamilyName': 'MSIXHero_zxq1da1qqbeze',

 'installers':

 [

   {

    'type': 'MSIX',

    'Architecture': 'x64',

    'InstallerUrl': 'https://desktop.docker.com/win/main/amd64/74721/Docker%20Desktop%20Installer.exe',

    'InstallerSha256': 'BE3BB5F9983B665869C0128B387CAEF4C3784650DEB74C68BB63798C5DF008FE'

   }

 ]

}

 

At the moment, the Payload property is only used within the Winget fingerprints and provides some detailed information about the package.

 

Recognition Status

A fingerprint can be sent to RayVentory Catalog for recognition. Therefore a fingerprint can have three different states:

 

normalized: No similar fingerprint could be found within the database therefore a normalized fingerprint is returned.

recognized: Exactly the same or a similar fingerprint has been found therefore all the available information for this software is being returned.

ignored: This fingerprint has been found in the database but it has been marked as ignored (the reason for the ignore will also be returned).