windows_programs
SCHEMA
identifying_number | string | Product identification such as a serial number on software, or a die number on a hardware chip |
install_date | string | Date that this product was installed on the system |
install_source | string | The installation source of the product |
language | string | The language of the product |
name | string | Name of the registry value entry |
publisher | string | Name of the product supplier |
version | string | Plugin short version |
-- windows_programs INFO
SELECT
    -- Device ID DETAILS
    meta_hostname, meta_ip_address,
    -- Query Details
    query_name, identifying_number, install_date, install_source, language, name, publisher, version,
    -- Decoration
    meta_boot_time, meta_eid, meta_endpoint_type, meta_ip_mask, meta_mac_address, meta_os_name,
    meta_os_platform, meta_os_type, meta_os_version, meta_public_ip, meta_query_pack_version, meta_username,
    -- Generic
    calendar_time, counter, epoch, host_identifier,
    -- no comma between the next two names: numerics is returned under the alias osquery_action,
    -- which is the osquery_action column shown in RESULTS
    numerics osquery_action,
    unix_time,
    -- Data Lake
    customer_id, endpoint_id, upload_size
FROM xdr_data
WHERE query_name = 'windows_programs'
RESULTS
+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+
| meta_hostname | meta_ip_address | query_name | identifying_number | install_date | install_source | language | name | publisher | version | meta_boot_time | meta_eid | meta_endpoint_type | meta_ip_mask | meta_mac_address | meta_os_name | meta_os_platform | meta_os_type | meta_os_version | meta_public_ip | meta_query_pack_version | meta_username | calendar_time | counter | epoch | host_identifier | osquery_action | unix_time | customer_id | endpoint_id | upload_size |
|-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----+-----|
| Victim3-EDR | 192.168.100.143 | windows_programs | | | | | Adobe Flash Player 16 ActiveX | Adobe Systems Incorporated | 16.0.0.235 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-13T14:42:20Z | 0 | 1602320453 | Victim3-EDR | False | 2020-10-13T14:42:20Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 812 |
| Victim3-EDR | 192.168.100.143 | windows_programs | | | | | Microsoft Office Enterprise 2007 | Microsoft Corporation | 12.0.6612.1000 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-13T14:42:20Z | 0 | 1602320453 | Victim3-EDR | False | 2020-10-13T14:42:20Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 814 |
| Victim3-EDR | 192.168.100.143 | windows_programs | | 20201013 | | | Google Chrome | Google LLC | 86.0.4240.75 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-13T14:42:20Z | 0 | 1602320453 | Victim3-EDR | False | 2020-10-13T14:42:20Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 790 |
| Victim3-EDR | 192.168.100.143 | windows_programs | | | | | HitmanPro.Alert 3 (managed by Sophos) | SurfRight B.V. | 3.7.17.321 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-13T14:42:20Z | 0 | 1602320453 | Victim3-EDR | False | 2020-10-13T14:42:20Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 808 |
| Victim3-EDR | 192.168.100.143 | windows_programs | | 20200709 | | | Microsoft Edge | Microsoft Corporation | 83.0.478.50 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-13T14:42:20Z | 0 | 1602320453 | Victim3-EDR | False | 2020-10-13T14:42:20Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 801 |
| Victim3-EDR | 192.168.100.143 | windows_programs | | | | | Microsoft Edge Update | | 1.3.129.37 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-13T14:42:20Z | 0 | 1602320453 | Victim3-EDR | False | 2020-10-13T14:42:20Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 778 |
| Victim3-EDR | 192.168.100.143 | windows_programs | | 20200915 | | 1033 | Sophos Clean | Sophos Limited | 3.8.10.1 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-13T14:42:20Z | 0 | 1602320453 | Victim3-EDR | False | 2020-10-13T14:42:20Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 793 |
| Victim3-EDR | 192.168.100.143 | windows_programs | | 20200915 | | | Sophos Endpoint Agent | Sophos Limited | 2.10.7 XDR BETA | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-13T14:42:20Z | 0 | 1602320453 | Victim3-EDR | False | 2020-10-13T14:42:20Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 805 |
| Victim3-EDR | 192.168.100.143 | windows_programs | | 20201013 | | | Sophos Endpoint Defense | Sophos Limited | 2.2.5.648 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-13T14:42:20Z | 0 | 1602320453 | Victim3-EDR | False | 2020-10-13T14:42:20Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 801 |
| Victim3-EDR | 192.168.100.143 | windows_programs | | | | | Sophos Live Query | Sophos Limited | 3.0.0.398 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-13T14:42:20Z | 0 | 1602320453 | Victim3-EDR | False | 2020-10-13T14:42:20Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 787 |
| Victim3-EDR | 192.168.100.143 | windows_programs | | 20200826 | | | Sophos Live Terminal | Sophos Limited | 1.2.4.0 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-13T14:42:20Z | 0 | 1602320453 | Victim3-EDR | False | 2020-10-13T14:42:20Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 796 |
| Victim3-EDR | 192.168.100.143 | windows_programs | | | | | Sophos ML Engine | Sophos Limited | 1.5.3 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-13T14:42:20Z | 0 | 1602320453 | Victim3-EDR | False | 2020-10-13T14:42:20Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 782 |
| Victim3-EDR | 192.168.100.143 | windows_programs | | | | | Sophos Standalone Engine | Sophos Limited | 1.6.8 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-13T14:42:20Z | 0 | 1602320453 | Victim3-EDR | False | 2020-10-13T14:42:20Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 790 |
| Victim3-EDR | 192.168.100.143 | windows_programs | | | | | Sophos Tester 3 | SurfRight B.V. | 3.2.0.12 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-13T14:42:20Z | 0 | 1602320453 | Victim3-EDR | False | 2020-10-13T14:42:20Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 784 |
| Victim3-EDR | 192.168.100.143 | windows_programs | {0B06C05B-0069-4FE8-AC19-AAF6678FD0A8} | 20181102 | C:\Users\test\Downloads\ | 1033 | PuTTY release 0.70 | Simon Tatham | 0.70.0.0 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-13T14:42:20Z | 0 | 1602320453 | Victim3-EDR | False | 2020-10-13T14:42:20Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 863 |
| Victim3-EDR | 192.168.100.143 | windows_programs | {1AC3C833-D493-460C-816F-D26F30F79DC3} | 20201006 | C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\savxp\ | 1033 | Sophos Anti-Virus | Sophos Limited | 10.8.9.610 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-13T14:42:20Z | 0 | 1602320453 | Victim3-EDR | False | 2020-10-13T14:42:20Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 898 |
| Victim3-EDR | 192.168.100.143 | windows_programs | {1F1C2DFC-2D24-3E06-BCB8-725134ADF989} | 20160912 | c:\6e534177d8ca0abfd1739495b02e04\ | 1033 | Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 | Microsoft Corporation | 9.0.30729.4148 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-13T14:42:20Z | 0 | 1602320453 | Victim3-EDR | False | 2020-10-13T14:42:20Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 930 |
| Victim3-EDR | 192.168.100.143 | windows_programs | {1FBBCD17-2403-4794-B2A8-A3ADDD3B0AF8} | 20200923 | C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sau\ | 1033 | Sophos AutoUpdate XG | Sophos Limited | 6.6.144.0 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-13T14:42:20Z | 0 | 1602320453 | Victim3-EDR | False | 2020-10-13T14:42:20Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 898 |
| Victim3-EDR | 192.168.100.143 | windows_programs | {2831282D-8519-4910-B339-2302840ABEF3} | 20200424 | C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\efw\ | 1033 | Sophos Endpoint Firewall | Sophos Limited | 1.2.0.17 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-13T14:42:20Z | 0 | 1602320453 | Victim3-EDR | False | 2020-10-13T14:42:20Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 901 |
| Victim3-EDR | 192.168.100.143 | windows_programs | {2C14E1A2-C4EB-466E-8374-81286D723D3A} | 20201008 | C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\mcsep | 1033 | Sophos Management Communications System | Sophos Limited | 4.12.686.0 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-13T14:42:20Z | 0 | 1602320453 | Victim3-EDR | False | 2020-10-13T14:42:20Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 918 |
| Victim3-EDR | 192.168.100.143 | windows_programs | {2D2A1891-4657-4E6F-9373-BFCE4C9AC5BA} | 20201005 | C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\ntp\ | 1033 | Sophos Network Threat Protection | Sophos Limited | 1.10.1051.0 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-13T14:42:20Z | 0 | 1602320453 | Victim3-EDR | False | 2020-10-13T14:42:20Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 912 |
| Victim3-EDR | 192.168.100.143 | windows_programs | {4EFCDD15-24A2-4D89-84A4-857D1BF68FA8} | 20200716 | C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\esh\ | 1033 | Sophos Endpoint Self Help | Sophos Limited | 2.3.13.0 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-13T14:42:20Z | 0 | 1602320453 | Victim3-EDR | False | 2020-10-13T14:42:20Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 902 |
| Victim3-EDR | 192.168.100.143 | windows_programs | {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} | 20200326 | C:\Program Files\Google\Update\1.3.35.452\ | 1033 | Google Update Helper | Google LLC | 1.3.35.451 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-13T14:42:20Z | 0 | 1602320453 | Victim3-EDR | False | 2020-10-13T14:42:20Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 884 |
| Victim3-EDR | 192.168.100.143 | windows_programs | {8078549C-CFF0-48C5-9B77-6BA48A14673D} | 20200826 | C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\sdu\ | 1033 | Sophos Diagnostic Utility | Sophos Limited | 6.5.238.0 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-13T14:42:20Z | 0 | 1602320453 | Victim3-EDR | False | 2020-10-13T14:42:20Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 903 |
| Victim3-EDR | 192.168.100.143 | windows_programs | {80D18B7B-8DF1-4BCA-901F-BEC86BAE2774} | 20200410 | C:\ProgramData\Sophos\AutoUpdate\Cache\decoded\shs\ | 1033 | Sophos Health | Sophos Limited | 2.4.7.0 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-13T14:42:20Z | 0 | 1602320453 | Victim3-EDR | False | 2020-10-13T14:42:20Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 889 |
| Victim3-EDR | 192.168.100.143 | windows_programs | {866151B2-E14E-40E0-B6D9-64B1D428F5CB} | 20201006 | | 1033 | Sophos Exploit Prevention | Sophos Limited | 3.8.0.523 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-13T14:42:20Z | 0 | 1602320453 | Victim3-EDR | False | 2020-10-13T14:42:20Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 845 |
| Victim3-EDR | 192.168.100.143 | windows_programs | {8c3f057e-d6a6-4338-ac6a-f1c795a6577b} | | | | Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.20.27508 | Microsoft Corporation | 14.20.27508.1 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-13T14:42:20Z | 0 | 1602320453 | Victim3-EDR | False | 2020-10-13T14:42:20Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 885 |