Scanning Windows Registry entries for Elastic Search deployments

I am trying to discover Elasticsearch deployments on Windows machines. In my scanner I wanted to search for a particular registry setting which is created when we install Elasticsearch in Windows. I can search for the .bat file, but the scanner performs extremely slowly in that case. A Windows registry will be much quicker. Any help appreciated.

The zip archive distribution does not add any registry settings so it's going to be tricky to understand who may have it installed. The environment variables ES_HOME and ES_PATH_CONF may be set which may give some indication but no guarantee.

The Windows MSI installer distribution adds some registry entries that can be retrieved with e.g. PowerShell:

gci Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Elastic\Elasticsearch

BUT note that these registry entries only exist in installer versions 6.2.0+.
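An added example, not part of the original reply: a PowerShell inventory check that combines the two signals described above, the MSI registry key (strong evidence) and the ES_HOME / ES_PATH_CONF environment variables (weak evidence). The function name, output properties and confidence labels are assumptions made for illustration.

```powershell
# Added example. Registry path and variable names come from the thread;
# the function name and the output shape are hypothetical.
function Get-ElasticsearchInstallEvidence {
    [CmdletBinding()]
    param()

    $keyPath  = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Elastic\Elasticsearch'
    $evidence = @()

    # MSI installer 6.2.0+ writes this key; the zip distribution does not.
    if (Test-Path -LiteralPath $keyPath) {
        $keys = @(Get-Item -LiteralPath $keyPath) +
                @(Get-ChildItem -LiteralPath $keyPath -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            # Dump whatever values exist rather than assuming value names.
            foreach ($name in $key.GetValueNames()) {
                $evidence += [pscustomobject]@{
                    Source     = 'Registry'
                    Location   = $key.Name
                    Name       = $name
                    Value      = $key.GetValue($name)
                    Confidence = 'High'
                }
            }
        }
    }

    # Environment variables are only a hint: they may be unset on a host
    # that runs the zip distribution, or left behind after removal.
    # 'User' scope reflects only the account running the scan.
    foreach ($var in 'ES_HOME', 'ES_PATH_CONF') {
        foreach ($scope in 'Machine', 'User') {
            $value = [Environment]::GetEnvironmentVariable($var, $scope)
            if ($value) {
                $evidence += [pscustomobject]@{
                    Source     = 'Environment'
                    Location   = $scope
                    Name       = $var
                    Value      = $value
                    Confidence = 'Low'
                }
            }
        }
    }

    $evidence
}

Get-ElasticsearchInstallEvidence | Format-Table -AutoSize
```

An empty result does not prove absence: zip installs and MSI installs older than 6.2.0 leave no registry key, so those hosts still need a file or service check.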

Thanks a lot..
