Splunk query to find browsers installed on a machi...

Roy_9 · ‎06-03-2024

Hi,

can someone help me with splunk search to identify browsers installed on a machine, im looking for a specific field where i can capture this data.

thanks

ITWhisperer · ‎06-03-2024

What data do you have ingested into Splunk?

Roy_9 · ‎06-03-2024

@ITWhisperer we have splunk add-on windows deployed on all machines.

PickleRick · ‎06-04-2024

Extending @ITWhisperer 's answer - unless you have a third-party solution (some form of asset inventory software or even your own scripted input listing installed software), Splunk on its own cannot tell you since it only works on the data you give it. So by default you can only pull what your Windows machine produces (event logs, maybe some log files). So if you can find this info in what Windows report on its own - good, you can use it. But I don't recall that it does.

ITWhisperer · ‎06-03-2024

OK so what information have managed to ingest into Splunk from them? Essentially, you can only query information which has been ingested (with a few exceptions).

Splunk query to find browsers installed on a machine

count

field extraction

stats

subsearch

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?