evidence

FlexNet Manager Suite uses evidence information to identify applications installed or accessed within your enterprise. The evidence information is collected as part of the inventory collection process. The Application Recognition Library is then used to recognize applications from the collected evidence. An application installation is determined from installer, file, or WMI evidence, whereas an application access event is determined from access evidence.

Evidence types

FlexNet Manager Suite collects the following evidence types:
  • Installer evidence:

    Installer evidence is collected from a local (device-based) list of installed applications, such as Add/Remove Programs or MSI. While installer evidence is typically used as the primary method of application recognition for Windows, it is less commonly available on UNIX (although some UNIX installer packages allow corresponding functionality). Application usage may also be reported as installer evidence (strictly, the FlexNet inventory agent monitors processes to identify running executable files, looks up these files in the local installer records, and then reports usage against the installer evidence).

  • File evidence:

    File evidence is a file that is found on a computer. It may be just the name of the file, or the information found within the file (such as with ISO-compliant software identification [SWID] tags). File evidence may be used when installer evidence is not strong enough to identify the installed application, and may be combined with installer evidence to improve the chance of recognition.

  • Access evidence:

    Access evidence information is collected in a separate file (.swacc) as part of the discovery and inventory process. This evidence identifies access to a particular server application such as Microsoft SharePoint Server. When linked to an application, the access evidence records any access to the linked server application. In addition to the accessed application, an access evidence record also records the accessing user and the accessing device. Access evidence is collected through various services including User Access Logging (UAL) and PowerShell scripts for some products.

    Note: This evidence is only generated for inventory devices with the supported server products installed on Windows Server 2012 or later, and for which Microsoft’s User Access Logging (UAL) capability has been enabled.
  • WMI evidence:

    WMI evidence is used to recognize operating systems, and also as an inventory plug-in to recognize special applications such as Microsoft SQL Server. The link between WMI (and more broadly, WBEM) evidence and operating system applications is pre-loaded from the Application Recognition Library. You cannot modify WBEM evidence records.

  • Application evidence:

    Application evidence is used for tracking application suites (for example, Microsoft Excel is an application, which may be evidence of the Microsoft Office suite). A suite is a collection of applications that are sold as a combined unit (although sometimes the individual applications are also sold separately).

    Note: This evidence is only visible on the Evidence tab (see Evidence Tab: Installer Evidence) of the application properties.
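
The File evidence item above mentions ISO-compliant SWID tags as information found within a file. As an added example (not FlexNet Manager Suite code, and not a description of how the inventory agent or the Application Recognition Library processes tags), this Python function reads the identity fields from an ISO/IEC 19770-2:2015 tag and rejects unusable ones. The sample tag, its product and vendor names, and the function name `parse_swid_tag` are constructed for illustration; tags written to the older 2009 revision use a different schema and are not handled.

```python
import xml.etree.ElementTree as ET

# Namespace used by ISO/IEC 19770-2:2015 SWID tags.
SWID_NS = "http://standards.iso.org/iso/19770/-2/2015/schema.xsd"

# Constructed sample tag (hypothetical product and vendor), not real inventory data.
SAMPLE_TAG = """<SoftwareIdentity
    xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd"
    name="Example Editor" tagId="example.com-editor-4.2.1"
    version="4.2.1" versionScheme="multipartnumeric">
  <Entity name="Example Corp" regid="example.com"
          role="softwareCreator tagCreator"/>
</SoftwareIdentity>"""


def parse_swid_tag(xml_text):
    """Return the identity fields of a SWID tag, or None if it is unusable."""
    # Tags are files found on disk, so treat them as untrusted input:
    # refuse DTD and entity declarations rather than let the parser expand them.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return None
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    if root.tag != f"{{{SWID_NS}}}SoftwareIdentity":
        return None
    name, tag_id = root.get("name"), root.get("tagId")
    if not name or not tag_id:  # both attributes are required by the schema
        return None
    publisher = None
    for entity in root.findall(f"{{{SWID_NS}}}Entity"):
        # The role attribute is a space-separated list of roles.
        if "softwareCreator" in (entity.get("role") or "").split():
            publisher = entity.get("name")
            break
    return {
        "name": name,
        "tag_id": tag_id,
        "version": root.get("version"),
        "publisher": publisher,
    }


if __name__ == "__main__":
    print(parse_swid_tag(SAMPLE_TAG))
```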

Linking evidence to an application

Evidence may be linked to an application by three methods:

  • The Application Recognition Library (ARL) contains many evidence rules created by associating real inventory from installations with application definitions. Using ARL definitions is by far the simplest method, and the ARL is updated regularly to include previously unrecognized evidence.
  • If you already have an application defined, you can open its properties dialog box, and use one of the Installer Evidence, File Evidence, or WMI Evidence tabs to link to evidence you select there. (For a suite, you can also link to Application Evidence in a similar way.)
  • For installer and file evidence, you can review the list of unassigned evidence that did not match any existing evidence rule, and assign selected evidence to an application (if necessary, defining a new application for the purpose).