RN200943: Example Python custom inventory script that gathers WMI information

Introduction

One of the method's that Raynet One allows you to extend it's inventory capabilities is through custom inventory scripts.  The following Python scripts gather information about a devices desktop monitor and applications that were installed from the Microsoft Store. 

 

Win32_DesktopMonitor Script

Description

This Python script gathers certain properties from the Win32_DesktopMonitor WMI class. 

Script

PythonConnector.info("Querying Win32_DesktopMonitor WMI class")

# Properties to retrieve
properties = ["DeviceID", "Availability", "Caption", "MonitorType", "Name", "MonitorManufacturer", "PixelsPerXLogicalInch", "PixelsPerYLogicalInch", "PNPDeviceID", "Status"]

# Build WMIC command to get those properties separated by commas
wmic_props = ",".join(properties)
cmd = f'wmic desktopmonitor get {wmic_props} /format:list'

PythonConnector.info(f"Running command: {cmd}")
output_lines = PythonConnector.run(cmd)

# Parse the output into records
monitors = []
monitor = {}
for line in output_lines:
line = line.strip()
if line == "":
# End of one monitor record
if monitor:
monitors.append(monitor)
monitor = {}
else:
if "=" in line:
key, val = line.split("=", 1)
if key in properties:
monitor[key] = val

# Add each monitor as an item with those properties
for mon in monitors:
item = PythonConnector.create_item("DesktopMonitor", mon.get("DeviceID", "UnknownMonitor"), True)
PythonConnector.add_property("Evidence", "PY", item)
for prop in properties:
val = mon.get(prop, "N/A")
PythonConnector.add_property(prop, val, item)
PythonConnector.add_item(item)

PythonConnector.info(f"Found and added {len(monitors)} desktop monitor(s)")

Staged Results

 

Win32_InstalledStoreProgram Script

Description

This Python script gathers all properties from the Win32_DesktopMonitor WMI class. 

Script

# PythonConnector WMI Store Program Inventory Script
PythonConnector.info("Starting WMIC Win32_InstalledStoreProgram inventory")

def collect_store_programs():
cmd = 'wmic path Win32_InstalledStoreProgram get /format:list'
raw_output = PythonConnector.run(cmd, True)

# Combine multi-line command output into a single string
output_str = "\n".join(raw_output).strip()

if not output_str:
PythonConnector.warn("No output returned from WMIC command")
return

programs = output_str.split("\n\n")
for program in programs:
lines = program.strip().splitlines()
props = {}
for line in lines:
if "=" in line:
key, value = line.split("=", 1)
props[key.strip()] = value.strip()

if props:
# Create inventory item with default name (e.g., ProgramId or PackageName if available)
name = props.get("PackageName") or props.get("ProgramId") or "InstalledStoreProgram"
item = PythonConnector.create_item("InstalledStoreProgram", name)

# Add all properties to the item
for key, value in props.items():
PythonConnector.add_property(key, value, item)

# Optional evidence tags
PythonConnector.add_property("Evidence", "WMI", item)

# Submit the item
PythonConnector.add_item(item)

try:
collect_store_programs()
PythonConnector.info("Inventory collection completed successfully")
except Exception as e:
PythonConnector.error(f"An error occurred: {str(e)}")

Staged Results

Alex Graf -

Comments

Powered by Zendesk