-
Notifications
You must be signed in to change notification settings - Fork 1
Software Usage
C3 Software Usage is an application usage tracking tool for Windows. C3 Software Usage extracts and transforms Applocker logs making them useful for application usage tracking. It also saves the logs in its own format so that your application usage tracking isn't limited to the applocker log history and you aren't stuck making incredibly slow event log queries. The resulting XML database file is incredibly fast to query (milliseconds) and search and provides the information you care about relating to software usage while only taking up between 20kb and 500kb of disk space.
C3 Software Usage is fast with the initial import, extract, transform, and load taking 8-20 seconds and deltas performed from there-on-out often requiring just milliseconds to complete.
There are a small number of steps required to successfully implement C3 Software Usage:
- Enable Applocker using C3 Protect
- Invoke the C3 Software Usage Analyzer
- Activate the C3 Software Usage Analyses
The first step to using C3 Software Usage is to enable Applocker. You can do this with Group Policy and guides are available elsewhere to do that. You can also enable Applocker using the content in C3 Protect with instructions available here: https://github.com/strawgate/C3-Protect/wiki/Applocker
Once you've got Applocker logs flowing in you're ready to move on to the next step
In the C3 Software Usage site find the Fixlet: Invoke - Analyze Application Usage - Windows and action it against your endpoints. You should Dynamically Target your devices and you should re-apply whenever relevant waiting anywhere from 4-24 hours between re-applications.
If this step works you will find a new folder in the BES Client Directory here: __BESData\__Global\C3AppUsage
In this folder you will find AppUsage.xml which stores the application usage information in a format that is easily read by relevance.
In the C3 Software Usage site simply activate all of the analyses.