The browser_plugins for Microsoft EDGE information from each device.
We extend the browser_plugins query results with the common decorations, generic and data lake information available for all scheduled queries.
browser_plugins Scheduled Query Schema
| description | string | Plugin description text |
| identifier | string | Plugin identifier |
| name | string | Name of the registry value entry |
| path | string | Full path to the value |
| uid | long | The local user that owns the plugin |
| version | string | Plugin short version |
-- browser_plugins INFO SELECT -- Device ID DETAILS meta_hostname, meta_ip_address, -- Query Details query_name, description, identifier, name, path, uid, version, -- Decoration meta_boot_time, meta_eid, meta_endpoint_type, meta_ip_mask, meta_mac_address, meta_os_name, meta_os_platform, meta_os_type, meta_os_version, meta_public_ip, meta_query_pack_version, meta_username, --- Generic calendar_time, counter, epoch, host_identifier, numerics osquery_action, unix_time, -- Data Lake customer_id, endpoint_id, upload_size FROM xdr_data WHERE query_name = 'browser_plugins'
I happen to be using chrome, so I have no MS Edge plugins/extensions. If someone can test this that would be great.
Thanks
Karl
