How to get Chrome extension list of a user?

10061987 · ‎02-23-2022

Hi all,

Hope you are well. I have a task about getting users'Chrome extension list with Splunk Search with queries. I couldn't figure out how can i do this. I am new on Splunk and sometimes i can ask too much questions to the community. Sorry about this.

Thanks in advance.

Best Regards.

richgalloway · ‎02-23-2022

If you are somehow indexing each user's Chrome extensions then, yes, you can search them. Splunk cannot, however, reach out to individual user computers to query them for installed software and plug-ins. The computers would have run a script or program that collects the desired information and forwards it to Splunk.

---
If this reply helps you, Karma would be appreciated.

10061987 · ‎02-23-2022

I supposed i can find these by searching file creation event logs. You know when a user installed an extension that extension will be installed on computer but i don't know what is the exact query for this

richgalloway · ‎02-23-2022

You'd have to inquire on a Chrome forum about the specifics of detecting when an extension is installed. Then ensure Splunk is monitoring the appropriate file/directory.

---
If this reply helps you, Karma would be appreciated.

How to get Chrome extension list of a user?

search job inspector

Detecting Remote Code Executions With the Splunk Threat Research Team

Observability | Use Synthetic Monitoring for Website Metadata Verification

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk