Approved

This query is one you are recommended to read the full content of the post to use. It is not simply a copy and paste query, like others in the forum. It is valuable in the right situation.

Live Discover Query to see the versions of any software installed on macOS

Hello Sophos Team,

I wanted a live discovery query that would retrieve the version of any software installed on macOS machines in my environment, as well as the hostname / IP of the machines.

The purpose of this query is to verify and patch all programs to the latest version and make sure there are no vulnerabilities affecting them.

Then, a result like Name, IP, version of the consulted software.

I appreciate the help you can give me.

Parents
  • Hi Jairo,

    You can run the below query and get the desired details of the installed app in macOS.

    SELECT 
       name,
       path,
       bundle_executable,
       bundle_identifier,
       bundle_name,
       bundle_short_version,
       bundle_version,
       display_name
    FROM
       apps
       



    To get the machine IP details.

    SELECT
       friendly_name,
       interface,
       address,
       mask,
       broadcast,
       point_to_point,
       type
    FROM 
        interface_addresses
    WHERE 
        address LIKE '%.%.%.%' 
    AND address <> '127.0.0.1'

  • Hi RaviSoni,


    Thank you very much for the quick answer.

    Query and if I wanted to validate the specific version of some software, how could the query be structured?

    I tried it this way with the Google Chrome example:

    SELECT
            name,
            path,
            bundle_executable,
            bundle_short_version
    FROM
           apps
    WHERE
           bundle_executable LIKE 'Google Chrome'

    I don't know if it's the right way to do it.

    Thanks.

  • Hi RaviSoni,
    Thank you very much for the quick answer.

    Really thank you very much for the help, this is excellent was what I was looking for.

    Thanks

Comment Children
No Data