You are recommended to read the full content of the post before using this query. It is not simply a copy-and-paste query, like others in the forum. It is valuable in the right situation.
Hello Sophos Team,
I wanted a live discovery query that would retrieve the version of any software installed on macOS machines in my environment, as well as the hostname / IP of the machines.
The purpose of this query is to verify and patch all programs to the latest version and make sure there are no vulnerabilities affecting them.
Then, a result like Name, IP, version of the consulted software.
I appreciate the help you can give me.
Hi RaviSoni, Thank you very much for the quick answer.
Really, thank you very much for the help, this is excellent and was what I was looking for.
Thanks
You can search for any program with this query.
Yes, this is correct. A better way is to use the wildcard '%' to match the program name, which would be much easier in this case. You can put a condition on name, bundle_executable or bundle_name as well. For example,
WHERE name LIKE '%Chrome%' OR bundle_executable LIKE '%Chrome%' OR bundle_name LIKE '%Chrome%'
Here is the complete query ready to use.
/* DEFINE VARIABLE IN CENTRAL */
-- VARIABLE programName STRING
SELECT name, path, bundle_executable, bundle_identifier, bundle_name, bundle_short_version, bundle_version, display_name
FROM apps
WHERE name LIKE '%$$programName$$%'
   OR bundle_executable LIKE '%$$programName$$%'
   OR bundle_name LIKE '%$$programName$$%'
Hi RaviSoni,
Thank you very much for the quick answer.
One question: if I wanted to validate the specific version of some software, how could the query be structured?
I tried it this way with the Google Chrome example:
SELECT name, path, bundle_executable, bundle_short_version
FROM apps
WHERE bundle_executable LIKE 'Google Chrome'
I don't know if it's the right way to do it.
Thanks.
Hi Jairo,
You can run the below query and get the desired details of the installed app in macOS.
SELECT name, path, bundle_executable, bundle_identifier, bundle_name, bundle_short_version, bundle_version, display_name
FROM apps

SELECT friendly_name, interface, address, mask, broadcast, point_to_point, type
FROM interface_addresses
WHERE address LIKE '%.%.%.%' AND address <> '127.0.0.1'
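Added example, not part of the original thread: the two queries above combined into one result set with hostname, IPv4 addresses and version, plus a flag for apps below a minimum major version. The `minMajorVersion` variable, the `patch_status` and `ipv4_addresses` column names and the use of the osquery `system_info` table for the hostname are assumptions of this example; only the major version number is compared.

```sql
/* DEFINE VARIABLES IN CENTRAL (minMajorVersion is an assumed name for this example) */
-- VARIABLE programName STRING
-- VARIABLE minMajorVersion STRING
SELECT
    si.hostname,
    -- All non-loopback IPv4 addresses of the machine, collapsed into one cell
    (SELECT group_concat(ia.address, ', ')
       FROM interface_addresses AS ia
      WHERE ia.address LIKE '%.%.%.%'
        AND ia.address <> '127.0.0.1') AS ipv4_addresses,
    a.name,
    a.bundle_identifier,
    a.bundle_short_version,
    a.path,
    -- CAST keeps only the leading integer of a version string such as
    -- '120.0.6099.129' (constructed sample), so the comparison is numeric;
    -- comparing the raw strings would rank '9' above '10'.
    CASE
        WHEN a.bundle_short_version IS NULL
          OR a.bundle_short_version = '' THEN 'UNKNOWN'
        WHEN CAST(a.bundle_short_version AS INTEGER)
             < CAST('$$minMajorVersion$$' AS INTEGER) THEN 'OUTDATED'
        ELSE 'OK'
    END AS patch_status
FROM apps AS a
CROSS JOIN system_info AS si   -- system_info returns a single row per machine
WHERE a.name LIKE '%$$programName$$%'
   OR a.bundle_executable LIKE '%$$programName$$%'
   OR a.bundle_name LIKE '%$$programName$$%'
ORDER BY patch_status DESC, a.name;
```

Rows marked UNKNOWN have no short version in the bundle's Info.plist and need a manual check, for example against `bundle_version`.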