• 製品
  • 使用を開始する
  • 関連ドキュメント
  • リソース

Asset Discovery によって実行されるコマンド

Windows システムで使用されるコマンド

コマンド

コマンド タイプ

パターン

SELECT * FROM Win32_Product

WMIQuery

Windows_Application_Product.pat

Get-WmiObject Win32_Product

PowerShellExecute

Windows_Application_Product_PS.pat

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\

WMIRegValueList

Windows_Application_Reg32.pat

Get-ChildItem -Path 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\' | Select-Object PSChildName

ソフトウェア キーごとに、次のようになります。

Get-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{software}'

PowerShellExecute

Windows_Application_Reg32_PS.pat

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\

WMIRegValueList

Windows_Application_Reg64.pat

Get-ChildItem -Path 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\' | Select-Object PSChildName

ソフトウェア キーごとに、次のようになります。

Get-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{software}'

PowerShellExecute

Windows_Application_Reg64_PS.pat

SELECT * FROM Win32_SoftwareFeature

WMIQuery

Windows_Application_SoftwareFeature.pat

Get-WmiObject Win32_SoftwareFeature

PowerShellExecute

Windows_Application_SoftwareFeature_PS.pat

SELECT * FROM Win32_Service

WMIQuery

Windows_ApplicationServices.pat

Get-WmiObject Win32_Service

PowerShellExecute

Windows_ApplicationServices_PS.pat

SELECT * FROM Win32_Processor

WMIQuery

Windows_CPUs.pat

Get-WmiObject Win32_Processor

PowerShellExecute

Windows_CPUs_PS.pat

docker ps -a --format "{{.ID}}"

各コンテナー:

docker inspect -f ""Name:{{println .Name}}" +
@"Image:{{println .Image}}" +
@"State:{{println .State.Status}}" +
@"Hostname:{{println .Config.Hostname}}"" + $containerId

docker stats --no-stream --format ""{{.MemUsage}}"" + $containerId

WMIQuery

Windows_Docker_Container.pat

docker ps -a --format "{{.ID}}"

各コンテナー:

docker inspect -f ""Name:{{println .Name}}" +
@"Image:{{println .Image}}" +
@"State:{{println .State.Status}}" +
@"Hostname:{{println .Config.Hostname}}"" + $containerId

docker stats --no-stream --format ""{{.MemUsage}}"" + $containerId

PowerShellExecute

Windows_Docker_Container_PS.pat

SELECT * FROM Win32_LogicalDisk WHERE DriveType = 3 or DriveType = 4

SELECT * FROM Win32_LogicalDiskToPartition

SELECT * FROM Win32_DiskDriveToDiskPartition

すべてのファイルシステム:

SELECT * FROM Win32_DiskDrive WHERE DeviceID LIKE "%{deviceId}"

WMIQuery

Windows_FileSystem.pat

Get-WmiObject Win32_LogicalDisk | Where-Object {$_.DriveType -eq '3' -or $_.DriveType -eq '4'}

Get-WmiObject Win32_LogicalDiskToPartition

Get-WmiObject Win32_DiskDriveToDiskPartition

すべてのファイルシステム:

Get-WmiObject Win32_DiskDrive | Where-Object {$_.DeviceID -match '{deviceId}'}

PowerShellExecute

Windows_FileSystem_PS.pat

SELECT * FROM Win32_ComputerSystem

WMIQuery

Windows_Hostinfo_Hostname_Model.pat

Get-WmiObject Win32_ComputerSystem

PowerShellExecute

Windows_Hostinfo_Hostname_Model_PS.pat

SELECT * FROM Win32_PhysicalMemory

WMIQuery

Windows_Hostinfo_RAM.pat

Get-WmiObject Win32_PhysicalMemory

PowerShellExecute

Windows_Hostinfo_RAM_PS.pat

SELECT StandardName FROM Win32_TimeZone

WMIQuery

Windows_Hostinfo_Timezone.pat

Get-WmiObject Win32_TimeZone | SELECT StandardName | Format-List

PowerShellExecute

Windows_Hostinfo_Timezone_PS.pat

netstat -n

WMIExecute

Windows_Hostinfo_ReferencedHosts.pat

Windows_Hostinfo_ReferencedHosts_PS.pat

SELECT * FROM Win32_BIOS

WMIQuery

Windows_Hostinfo_SerialNr.pat

Get-WmiObject Win32_BIOS

PowerShellExecute

Windows_Hostinfo_SerialNr_PS.pat

SELECT * FROM Win32_ComputerSystemProduct

WMIQuery

Windows_Hostinfo_Vendor_UUID.pat

Get-WmiObject Win32_ComputerSystemProduct

PowerShellExecute

Windows_Hostinfo_Vendor_UUID_PS.pat

SELECT * FROM Msvm_ComputerSystem

SELECT * FROM Msvm_SummaryInformation WHERE Name = '{0}'

WMIQuery

Windows_HyperV_VMs.pat

Get-WmiObject -Namespace root\virtualization\v2 Msvm_ComputerSystem

Get-WmiObject -Namespace root\virtualization\v2 Msvm_SummaryInformation | Where-Object {$_.Name -eq 'vmID'}

PowerShellExecute

Windows_HyperV_VMs_PS.pat

SELECT * FROM Win32_NetworkAdapterConfiguration Where IPEnabled=true



WMIQuery

Windows_NetworkInterfaces.pat

Get-WmiObject Win32_NetworkAdapterConfiguration | Where-Object {$_.IPEnabled -eq 'true'}

PowerShellExecute

Windows_NetworkInterfaces_PS.pat

SELECT * FROM Win32_OperatingSystem



WMIQuery

Windows_OS.pat

Windows_Hostinfo_SystemUpTime.pat

Get-WmiObject Win32_OperatingSystem

PowerShellExecute

Windows_OS_PS.pat

Windows_Hostinfo_SystemUpTime_PS.pat

SELECT * FROM Win32_QuickFixEngineering

WMIQuery

Windows_Patches.pat

Get-WmiObject Win32_QuickFixEngineering

PowerShellExecute

Windows_Patches_PS.pat

SELECT * FROM Win32_DesktopMonitor

WMIQuery

Windows_Peripherie_Monitor.pat

Get-WmiObject Win32_DesktopMonitor

PowerShellExecute

Windows_Peripherie_Monitor_PS.pat

SELECT * FROM Win32_Printer



WMIQuery

Windows_Peripherie_Printer.pat

Get-WmiObject Win32_Printer

PowerShellExecute

Windows_Peripherie_Printer_PS.pat

SELECT * FROM Win32_DiskDrive Where InterfaceType = "USB"



WMIQuery

Windows_Peripherie_USB_Storage.pat

Get-WmiObject Win32_DiskDrive | Where-Object {$_.InterfaceType -eq 'USB'}

PowerShellExecute

Windows_Peripherie_USB_Storage_PS.pat

SELECT * FROM Win32_VideoController

WMIQuery

Windows_Peripherie_VideoController.pat

Get-WmiObject Win32_VideoController

PowerShellExecute

Windows_Peripherie_VideoController_PS.pat

SOFTWARE\Microsoft\Windows NT\CurrentVersion

WMIRegValue

Windows_ProductKey.pat

Get-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion' | Select-Object DigitalProductId

PowerShellExecute

Windows_ProductKey_PS.pat

SELECT * FROM Win32_DiskDrive

WMIQuery

Windows_StorageDevice.pat

Get-WmiObject Win32_DiskDrive

PowerShellExecute

Windows_StorageDevice_PS.pat

SELECT * FROM Win32_ComputerSystem

フォールバック コマンド:

SELECT * from Win32_NetworkLoginProfile WHERE LastLogOn IS NOT NULL

WMIQuery

Windows_Hostinfo_Username.pat

Get-WmiObject Win32_ComputerSystem

フォールバック コマンド:

Get-WmiObject Win32_NetworkLoginProfile | Where-Object {$_.LastLogon -ne $null}

PowerShellExecute

Windows_Hostinfo_Username_PS.pat

wmic logicaldisk where drivetype=3 get caption | findstr ":"

すべてのドライブ:

dir {drive}\tomcat*.exe/s/b

見つかったすべての tomcat.exe ファイル:

{tomcat.exe}version.bat | findstr "server number"

フォールバック コマンド:

type {tomcat-path}RELEASE-NOTES | findstr /i /c:"tomcat version"

WMIExecute

Windows_Application_Tomcat.pat

wmic logicaldisk where drivetype=3 get caption | findstr ":"

すべてのドライブ:

dir -path {drive}\ -r -filter tomcat*.exe-ErrorAction SilentlyContinue | % fullname

見つかったすべての tomcat.exe ファイル:

& '{tomcat.exe}version.bat'| findstr "server number"

フォールバック コマンド:

type {tomcat-path}RELEASE-NOTES | findstr /i /c:"tomcat version"

PowerShellExecute

Windows_Application_Tomcat_PS.pat

SOFTWARE\Microsoft\Office

SOFTWARE\Wow6432Node\Microsoft\Office

各キー → サブ値:

\Registration\DigitalProductID

WMIRegValueList

Windows_Application_Office_ProductKey.pat

Get-ChildItem -Path 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\' | Select-Object PSChildName

Get-ChildItem -Path 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\' | Select-Object PSChildName

各キー → サブ値:

\Registration\DigitalProductID

PowerShellExecute

Windows_Application_Office_ProductKey_PS.pat

wmic logicaldisk where drivetype=3 get caption | findstr ":"

すべてのドライブ:

dir {drive}\mysql.exe /s/b

見つかったすべての mysql.exe ファイル:

{mysql.exe} -u $$login$$ -p$$password$$ -e"SELECT table_schema AS "Database name", Round(Sum(data_length + index_length) / 1024 / 1024, 0)  AS "Size (MB)" FROM information_schema.TABLES GROUP BY table_schema;"

WMIExecute

Windows_Application_mySQL-DBs.pat

wmic logicaldisk where drivetype=3 get caption | findstr ":"

すべてのドライブ:

dir -path {drive}\ -r -filter mysql.exe -ErrorAction SilentlyContinue | % fullname

見つかったすべての mysql.exe ファイル:

& '{mysql.exe}'-u $$login$$ -p$$password$$ -e'SELECT table_schema AS \""Database name\"", Round(Sum(data_length + index_length) / 1024 / 1024, 0)  AS \""Size (MB)\"" FROM information_schema.TABLES GROUP BY table_schema;'

PowerShellExecute

Windows_Application_mySQL-DBs_PS.pat

sqlcmd -Q "SELECT http://DB.name,SUM(CASE WHEN type = 0 THEN MF.size * 8 / 1024 ELSE 0 END) AS DataFileSizeMB, SUM(CASE WHEN type = 1 THEN MF.size * 8 / 1024 ELSE 0 END) AS LogFileSizeMB FROM sys.master_filesMF JOIN sys.databases DB ON DB.database_id = MF.database_idGROUP BY DB.name"

WMIExecute

PowerShellExecute

Windows_Application_MSSQL-DBs.pat

Windows_Applic