Solved: Check if new software detected exists/doesn't exis...

siddh01r · ‎03-06-2019

I am trying to find out when a new software get installed on any end point. and I also have a script running to collect installed software

I have created a lookup file called installed_software_workstations.csv - where i have recorded all the approved software.
I need help with something like -

check if software is not in lookup file( installed_software_workstations.csv). flag it as unapproved software or new software.

renjith_nair · ‎03-07-2019

@siddh01r,

Assuming that you have the list of softwares installed and software name is DisplayName. Your lookup table has product which points to software name.
Try

sourcetype = Script:InstalledApps" |stats count by DisplayName 
|lookup approved_software-workstations.csv product as DisplayName
|where isnull(is_approved)

---
What goes around comes around. If it helps, hit it with Karma 🙂

View solution in original post

renjith_nair · ‎03-07-2019

@siddh01r,

Assuming that you have the list of softwares installed and software name is DisplayName. Your lookup table has product which points to software name.
Try

sourcetype = Script:InstalledApps" |stats count by DisplayName 
|lookup approved_software-workstations.csv product as DisplayName
|where isnull(is_approved)

---
What goes around comes around. If it helps, hit it with Karma 🙂

siddh01r · ‎03-07-2019

This has worked for me mate!!! thank you so much!!!!

Check if new software detected exists/doesn't exist in Lookup

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation