Hi all,
Hope you are well. I have a task about getting users'Chrome extension list with Splunk Search with queries. I couldn't figure out how can i do this. I am new on Splunk and sometimes i can ask too much questions to the community. Sorry about this.
Thanks in advance.
Best Regards.
If you are somehow indexing each user's Chrome extensions then, yes, you can search them. Splunk cannot, however, reach out to individual user computers to query them for installed software and plug-ins. The computers would have run a script or program that collects the desired information and forwards it to Splunk.
I supposed i can find these by searching file creation event logs. You know when a user installed an extension that extension will be installed on computer but i don't know what is the exact query for this
You'd have to inquire on a Chrome forum about the specifics of detecting when an extension is installed. Then ensure Splunk is monitoring the appropriate file/directory.