Hi all,
I am trying to fetch installed software details from my system (windows) into the Elasticsearch. Does any one have idea how to do the same?
I have tried using metricbeat but at most I can get the running process details. Is there any other elastic or community beat which can fulfill my requirements?
Also, is auditbeat able to detect installation of new software?
Thanks
Hi!
Perhaps our OSQuery integration for Elastic Agent is what you're looking for.
It lets you run queries on the machines that have Agent installed, so you can ask for things like "which programs are installed on this machine".
For some more info on the osquery integration see Osquery | Kibana Guide [7.16] | Elastic.
I think you could query the programs table: https://www.osquery.io/schema/5.1.0/#programs
Thanks @andrewkroh and @miltonhultgren I will try the OSQuery integration.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.