<< Click to Display Table of Contents >> RayVentory Catalog > 12.6 > User Guide > Overview Definition of Fingerprints |
RayVentory Catalog contains a database and recognition information for popular and enterprise applications. It provides a structured set of properties, enriching typical set of data found in popular CMDB databases and deployment systems (for example extra information about release dates, licenses, functions, vulnerabilities, etc.).
The recognition process may be done in different ways, but most of the use cases involve direct integration capabilities in RayVentory Data Hub which contains a dedicated connector to fetch and normalize the data based on RayVentory Catalog. The other two - albeit less frequently used choices - involve command line utilities or direct calls to REST APIs provided by the tool.
The basic recognition unit is a fingerprint. A fingerprint is a set of data that describes the software. It should consist of at least two or three properties:
•Application name
•Application version
•Software manufacturer [optional for Unix packages]
For better recognition and to avoid misidentification the following extra properties can be provided:
•Type - [integer] The type of the fingerprint (see the Fingerprint Type paragraph).
•Edition - [string] The edition of the product.
•Language - [string] the language of the fingerprint (see the Fingerprint Language paragraph).
•LanguageCode - [integer] A 32-bit value that identifies a particular language (see the Fingerprint LanguageCode paragraph).
•ProductCode - [string] The ProductCode of the product (only applies for MSI packages).
•Path - [string] The path of the fingerprint (see the Fingerprint Path paragraph).
•Payload - [string] The part of the transmitted data that carries the message (see Fingerprint Payload paragraph).
The source of the fingerprint is stored in the Type property. It can take the integer value for the type as listed in the following table.
Value |
Fingerprint Type |
---|---|
2 |
Registry |
3 |
MSI |
4 |
ARP |
5 |
Non-Windows |
6 |
SWID Tag |
7 |
Operating System |
8 |
Winget |
9 |
File |
The Language property in the fingerprint object takes a string value to represent the name of the language. For example:
•English
•German
•French
•Spanish
•Polish
The LanguageCode property is an integer value that identifies a fingerprint according to the LCID (Local ID) Decimals code defined by Microsoft Windows (see the official Microsoft documentation for additional information). The table below contains a number of examples:
Name of the Language (in English) |
LCID Decimal |
---|---|
English - United States |
1033 |
English - United Kingdom |
2057 |
German - Germany |
1031 |
German - Austria |
3079 |
French - France |
1036 |
French - Belgium |
2060 |
Spanish - Spain (Traditional Sort) |
1034 |
Spanish - Spain (Modern Sort) |
3082 |
Polish |
1045 |
The Path property is a string value that is mainly used for 3 types of fingerprints:
1.Registry (type = 2) - the location path to the Windows Registry
Example:
HKLM32\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DAB68466-3AZD-41A8-A5CF-415E3FF8EF71}
2.Winget (type = 8) - the relative path to teh package within the Winget official repository
Example:
/Google/Chrome/103.0.5060.66/
3.File (type = 9) - the file location path which includes the filename
Example:
C:\Users\{username}\AppData\Local\GoToMeeting\18962\g2mcomm.exe
The payload is the part of the transmitted data which contains the crucial information that the user provides to the server when making an API request. The payload can be sent or received in various formats including JSON. It may be a JSON object, JSON array, or any valid JSON token (see example below).
{ 'commitId': 'd53935606f130bc99dd8ace491a819f706076057', 'releaseDate': '2022-02-15', 'shortDescription': 'Open-source MSIX manager and toolkit', 'license': 'GNU General Public License v3.0', 'homePage': 'https://msixhero.net/', 'packageFamilyName': 'MSIXHero_zxq1da1qqbeze', 'installers': [ { 'type': 'MSIX', 'Architecture': 'x64', 'InstallerUrl': 'https://desktop.docker.com/win/main/amd64/74721/Docker%20Desktop%20Installer.exe', 'InstallerSha256': 'BE3BB5F9983B665869C0128B387CAEF4C3784650DEB74C68BB63798C5DF008FE' } ] } |
At the moment, the Payload property is only used within the Winget fingerprints and provides some detailed information about the package.
A fingerprint can be sent to RayVentory Catalog for recognition. Therefore a fingerprint can have three different states:
•normalized: No similar fingerprint could be found within the database therefore a normalized fingerprint is returned.
•recognized: Exactly the same or a similar fingerprint has been found therefore all the available information for this software is being returned.
•ignored: This fingerprint has been found in the database but it has been marked as ignored (the reason for the ignore will also be returned).