List installed applications Windows. This will show applications added to the windows system during the data lake period (Default is 7 days)
It needs to be tested
SCHEMA
| bundle_executable | string | Info properties CFBundleExecutable label |
| bundle_identifier | string | Info properties CFBundleIdentifier label |
| bundle_name | string | Info properties CFBundleName label |
| bundle_short_version | string | Info properties CFBundleShortVersionString label |
| bundle_version | string | Info properties CFBundleVersion label |
| category | string | The name of auditing Category which subcategory was changed. |
| copyright | string | Info properties NSHumanReadableCopyright label |
| display_name | string | Service Display name |
| info_string | string | Info properties CFBundleGetInfoString label |
| name | string | Name of the registry value entry |
| path | string |
Full path to the value |
-- installed_applications INFO SELECT -- Device ID DETAILS meta_hostname, meta_ip_address, -- Query Details query_name, bundle_executable, bundle_identifier, bundle_name, bundle_short_version, bundle_version, category, copyright, display_name, info_string, name, path, -- Decoration meta_boot_time, meta_eid, meta_endpoint_type, meta_ip_mask, meta_mac_address, meta_os_name, meta_os_platform, meta_os_type, meta_os_version, meta_public_ip, meta_query_pack_version, meta_username, --- Generic calendar_time, counter, epoch, host_identifier, numerics osquery_action, unix_time, -- Data Lake customer_id, endpoint_id, upload_size FROM xdr_data WHERE query_name = 'installed_applications'
RESULTS
