Under Review

Live Discover Query to see the versions of any software installed on macOS

Hello Sophos Team,

I wanted a live discovery query that would retrieve the version of any software installed on macOS machines in my environment, as well as the hostname / IP of the machines.

The purpose of this query is to verify and patch all programs to the latest version and make sure there are no vulnerabilities affecting them.

Then, a result like Name, IP, version of the consulted software.

I appreciate the help you can give me.

  • Hi RaviSoni,
    Thank you very much for the quick answer.

    Really, thank you very much for the help; this is excellent and was what I was looking for.

    Thanks

  • You can search for any program with this query.

  • Yes, this is correct. A better way is to use the wildcard '%' to match the program name, which would be much easier in this case. You can put a condition on name, bundle_executable or bundle_name as well.

    For example,

    WHERE
        name LIKE '%Chrome%'
    OR bundle_executable LIKE '%Chrome%'
    OR bundle_name LIKE '%Chrome%'

    Here is the complete query ready to use.

    /* DEFINE VARIABLE IN CENTRAL */
    -- VARIABLE    programName    STRING
    
    SELECT 
       name,
       path,
       bundle_executable,
       bundle_identifier,
       bundle_name,
       bundle_short_version,
       bundle_version,
       display_name
    FROM
       apps
    WHERE 
       name LIKE '%$$programName$$%'
    OR bundle_executable LIKE '%$$programName$$%'
    OR bundle_name LIKE '%$$programName$$%'

  • Hi RaviSoni,


    Thank you very much for the quick answer.

    One question: if I wanted to validate the specific version of some software, how could the query be structured?

    I tried it this way with the Google Chrome example:

    SELECT
       name,
       path,
       bundle_executable,
       bundle_short_version
    FROM
       apps
    WHERE
       bundle_executable LIKE 'Google Chrome'

    I don't know if it's the right way to do it.

    Thanks.

  • Hi Jairo,

    You can run the below query and get the desired details of the installed app in macOS.

    SELECT 
       name,
       path,
       bundle_executable,
       bundle_identifier,
       bundle_name,
       bundle_short_version,
       bundle_version,
       display_name
    FROM
       apps

    To get the machine IP details.

    SELECT
       friendly_name,
       interface,
       address,
       mask,
       broadcast,
       point_to_point,
       type
    FROM 
        interface_addresses
    WHERE 
        address LIKE '%.%.%.%' 
    AND address <> '127.0.0.1'
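
The two queries above can be combined so that each row carries the hostname, the IP addresses and the app version, which is the result shape asked for in the original post. This is an added example, not a query posted by anyone in the thread; it assumes the standard osquery `system_info` table for the hostname, and `expectedVersion` is a hypothetical second variable that would have to be defined in Central alongside `programName`.

```sql
/* DEFINE VARIABLES IN CENTRAL */
-- VARIABLE    programName        STRING
-- VARIABLE    expectedVersion    STRING   (hypothetical, added for this example)

SELECT
   -- One hostname per endpoint, taken from system_info
   (SELECT hostname FROM system_info) AS hostname,
   -- All non-loopback IPv4 addresses of the endpoint, collapsed into one cell
   (SELECT group_concat(address, ', ')
      FROM interface_addresses
     WHERE address LIKE '%.%.%.%'
       AND address <> '127.0.0.1') AS ip_addresses,
   name,
   bundle_identifier,
   bundle_short_version,
   bundle_version,
   path
FROM
   apps
WHERE
   (
      name LIKE '%$$programName$$%'
   OR bundle_executable LIKE '%$$programName$$%'
   OR bundle_name LIKE '%$$programName$$%'
   )
   -- Keep only installs that are NOT on the expected version.
   -- This is an exact string comparison, not a version-order comparison.
   -- COALESCE makes apps with no version string show up instead of being dropped.
   -- Remove this condition to list every installed version.
AND COALESCE(bundle_short_version, '') <> '$$expectedVersion$$'
ORDER BY
   name
```

An endpoint with several copies of the same app (for example one in /Applications and one in a user's home folder) returns one row per copy, so the path column shows which install still needs patching.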