Saturday, September 24, 2011

VBScript Resources

For the past few weeks at work, we have been doing some preventative response work on all the workstations across our enterprise environment.

The response was based on log-file results…the only problem was that sometimes the result descriptions we were being provided with either didn’t make logical sense or didn’t match what we observed when we manually checked some of the aberrantly reported systems.

I really don’t like chasing shadows, so I set out to find the mechanism generating the raw report data/logs which got re-canned into the report we had to respond to.

Not only did I find it (pretty easily) but I also found where it dumped the raw file daily.  So now we could pre-pull and assemble our own report at least a week faster than the canned report we were using got generated/refreshed. Sweet.

Finding the source, I discovered that the raw log file collector was actually a very nicely coded VBScript. (BTW, did you catch that Nir Sofer released a new CSV/Tab-Delimited file viewer and converter utility? And that MANDIANT announced a new release of their free Highlighter utility?)

Once I had a copy of it, I could then pick it apart to understand exactly what was actually being reported (source) and what the labels provided (on the canned report) actually meant.

Turns out, most of it was pretty close, but because of which actual data-points are collected off the system, the way the application is called to generate the raw-result returns, and how those returns are manipulated to generate the report, the labels might not be as “logically accurate” as they could be in technical matters, although they may be “practically accurate” for the machine status items being measured and that we are concerned with.

So now that our response teams know what the report is “really” telling them, we can all prioritize our responses a bit more finely.

Only, to get to that point of really understanding what the VBScript was doing--remember IANAC (I am not a coder)--I had to get up to speed with some VBScript fundamentals.

So in doing so, I found these VBScript resources to be awesome in the process.  Many are in PDF and/or DOC format so you can keep them handy.


--Claus V.
