Under Review

windows_updates_patch

windows_updates_patch

SCHEMA

caption string Short description of the patch
description string Plugin description text
hotfix_id string The kb article ID for the update
installed_by string The system context in which the patch as installed
installed_on string The date when the patch was installed 

-- windows_updates_patch INFO
SELECT 
   -- Device ID DETAILS
   meta_hostname, meta_ip_address, 

   -- Query Details
   query_name, caption, description, hotfix_id, installed_by,
   installed_on,

   -- Decoration 
   meta_boot_time, meta_eid, meta_endpoint_type, 
   meta_ip_mask, meta_mac_address, meta_os_name, meta_os_platform, meta_os_type,
   meta_os_version, meta_public_ip, meta_query_pack_version, meta_username,

   --- Generic
   calendar_time, counter, epoch, host_identifier, numerics
   osquery_action, unix_time,

   -- Data Lake
   customer_id, endpoint_id, upload_size

FROM xdr_data
WHERE query_name = 'windows_updates_patch'

RESULTS

+-----------------+-------------------+-----------------------+-----------------------------------------------+-----------------+-------------+---------------------+----------------+------------------+--------------------------------------+----------------------+----------------+--------------------+------------------------------+--------------------+----------------+-------------------+------------------+---------------------------+-----------------+----------------------+-----------+------------+-------------------+------------------+----------------------+--------------------------------------+--------------------------------------+---------------+
| meta_hostname   | meta_ip_address   | query_name            | caption                                       | description     | hotfix_id   | installed_by        | installed_on   |   meta_boot_time | meta_eid                             | meta_endpoint_type   | meta_ip_mask   | meta_mac_address   | meta_os_name                 | meta_os_platform   | meta_os_type   | meta_os_version   | meta_public_ip   | meta_query_pack_version   | meta_username   | calendar_time        |   counter |      epoch | host_identifier   | osquery_action   | unix_time            | customer_id                          | endpoint_id                          |   upload_size |
|-----------------+-------------------+-----------------------+-----------------------------------------------+-----------------+-------------+---------------------+----------------+------------------+--------------------------------------+----------------------+----------------+--------------------+------------------------------+--------------------+----------------+-------------------+------------------+---------------------------+-----------------+----------------------+-----------+------------+-------------------+------------------+----------------------+--------------------------------------+--------------------------------------+---------------|
| Victim5-Win10   | 192.168.100.129   | windows_updates_patch | http://support.microsoft.com/?kbid=4576484    | Update          | KB4576484   | NT AUTHORITY\SYSTEM | 9/14/2020      |       1601910607 | 099242c2-3595-94e0-891c-51a7ee2659c8 | computer             | 255.255.255.0  | 00:0c:29:56:e8:01  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.18363        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-11T15:42:45Z |         0 | 1602413479 | Victim5-Win10     | False            | 2020-10-11T15:42:45Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 9029242c-5359-490e-98c1-157aee62958c |           807 |
| Victim5-Win10   | 192.168.100.129   | windows_updates_patch | http://support.microsoft.com/?kbid=4497165    | Update          | KB4497165   | NT AUTHORITY\SYSTEM | 6/8/2020       |       1601910607 | 099242c2-3595-94e0-891c-51a7ee2659c8 | computer             | 255.255.255.0  | 00:0c:29:56:e8:01  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.18363        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-11T15:42:45Z |         0 | 1602413479 | Victim5-Win10     | False            | 2020-10-11T15:42:45Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 9029242c-5359-490e-98c1-157aee62958c |           806 |
| Victim5-Win10   | 192.168.100.129   | windows_updates_patch | http://support.microsoft.com/?kbid=4516115    | Security Update | KB4516115   | NT AUTHORITY\SYSTEM | 2/11/2020      |       1601910607 | 099242c2-3595-94e0-891c-51a7ee2659c8 | computer             | 255.255.255.0  | 00:0c:29:56:e8:01  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.18363        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-11T15:42:45Z |         0 | 1602413479 | Victim5-Win10     | False            | 2020-10-11T15:42:45Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 9029242c-5359-490e-98c1-157aee62958c |           816 |
| Victim5-Win10   | 192.168.100.129   | windows_updates_patch | http://support.microsoft.com/?kbid=4517245    | Update          | KB4517245   | NT AUTHORITY\SYSTEM | 2/11/2020      |       1601910607 | 099242c2-3595-94e0-891c-51a7ee2659c8 | computer             | 255.255.255.0  | 00:0c:29:56:e8:01  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.18363        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-11T15:42:45Z |         0 | 1602413479 | Victim5-Win10     | False            | 2020-10-11T15:42:45Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 9029242c-5359-490e-98c1-157aee62958c |           807 |
| Victim5-Win10   | 192.168.100.129   | windows_updates_patch | http://support.microsoft.com/?kbid=4524244    | Security Update | KB4524244   | NT AUTHORITY\SYSTEM | 2/13/2020      |       1601910607 | 099242c2-3595-94e0-891c-51a7ee2659c8 | computer             | 255.255.255.0  | 00:0c:29:56:e8:01  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.18363        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-11T15:42:45Z |         0 | 1602413479 | Victim5-Win10     | False            | 2020-10-11T15:42:45Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 9029242c-5359-490e-98c1-157aee62958c |           816 |
| Victim5-Win10   | 192.168.100.129   | windows_updates_patch | http://support.microsoft.com/?kbid=4528759    | Security Update | KB4528759   | NT AUTHORITY\SYSTEM | 2/11/2020      |       1601910607 | 099242c2-3595-94e0-891c-51a7ee2659c8 | computer             | 255.255.255.0  | 00:0c:29:56:e8:01  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.18363        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-11T15:42:45Z |         0 | 1602413479 | Victim5-Win10     | False            | 2020-10-11T15:42:45Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 9029242c-5359-490e-98c1-157aee62958c |           816 |
| Victim5-Win10   | 192.168.100.129   | windows_updates_patch | http://support.microsoft.com/?kbid=4537759    | Security Update | KB4537759   | NT AUTHORITY\SYSTEM | 2/13/2020      |       1601910607 | 099242c2-3595-94e0-891c-51a7ee2659c8 | computer             | 255.255.255.0  | 00:0c:29:56:e8:01  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.18363        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-11T15:42:45Z |         0 | 1602413479 | Victim5-Win10     | False            | 2020-10-11T15:42:45Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 9029242c-5359-490e-98c1-157aee62958c |           816 |
| Victim5-Win10   | 192.168.100.129   | windows_updates_patch | http://support.microsoft.com/?kbid=4538674    | Security Update | KB4538674   | NT AUTHORITY\SYSTEM | 2/12/2020      |       1601910607 | 099242c2-3595-94e0-891c-51a7ee2659c8 | computer             | 255.255.255.0  | 00:0c:29:56:e8:01  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.18363        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-11T15:42:45Z |         0 | 1602413479 | Victim5-Win10     | False            | 2020-10-11T15:42:45Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 9029242c-5359-490e-98c1-157aee62958c |           816 |
| Victim5-Win10   | 192.168.100.129   | windows_updates_patch | http://support.microsoft.com/?kbid=4541338    | Security Update | KB4541338   | NT AUTHORITY\SYSTEM | 3/26/2020      |       1601910607 | 099242c2-3595-94e0-891c-51a7ee2659c8 | computer             | 255.255.255.0  | 00:0c:29:56:e8:01  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.18363        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-11T15:42:45Z |         0 | 1602413479 | Victim5-Win10     | False            | 2020-10-11T15:42:45Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 9029242c-5359-490e-98c1-157aee62958c |           816 |
| Victim5-Win10   | 192.168.100.129   | windows_updates_patch | http://support.microsoft.com/?kbid=4552152    | Security Update | KB4552152   | NT AUTHORITY\SYSTEM | 5/1/2020       |       1601910607 | 099242c2-3595-94e0-891c-51a7ee2659c8 | computer             | 255.255.255.0  | 00:0c:29:56:e8:01  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.18363        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-11T15:42:45Z |         0 | 1602413479 | Victim5-Win10     | False            | 2020-10-11T15:42:45Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 9029242c-5359-490e-98c1-157aee62958c |           815 |
| Victim5-Win10   | 192.168.100.129   | windows_updates_patch | http://support.microsoft.com/?kbid=4559309    | Update          | KB4559309   | NT AUTHORITY\SYSTEM | 7/9/2020       |       1601910607 | 099242c2-3595-94e0-891c-51a7ee2659c8 | computer             | 255.255.255.0  | 00:0c:29:56:e8:01  | Microsoft Windows 10 Pro     | windows            | client         | 10.0.18363        | 73.69.54.187     | 1.1.12                    | Admin           | 2020-10-11T15:42:45Z |         0 | 1602413479 | Victim5-Win10     | False            | 2020-10-11T15:42:45Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 9029242c-5359-490e-98c1-157aee62958c |           806 |

Karl_Ackerman
Unfiltered HTML