I'm a newbie...Trying to write a one-time query to...
# generala
Alex Alborzfard
04/06/2020, 5:34 PMI'm a newbie...Trying to write a one-time query to check if a specific Windows patch has been installed on all hosts or on specific hosts.
s
sundsta
04/06/2020, 5:42 PMYou can do this with the patches table. See https://osquery.io/schema/4.2.0#patches
a
alessandrogario
04/06/2020, 7:01 PM
some additional info from Fritz: https://osquery.slack.com/archives/C08V7KTJB/p1584022509164200
a
Alex Alborzfard
04/06/2020, 7:14 PMSo would this work:
Alex Alborzfard
04/06/2020, 7:16 PMSelect * from Patches where csname=<hostname> AND hotfix_id=<kbname>
Alex Alborzfard
04/06/2020, 7:29 PMAlso where in Fritz's script there's an option to specify KB# and host name(s)?
d
DG
04/06/2020, 9:34 PMI stole the query on From: https://blog.kolide.com/using-kolide-osquery-to-find-and-fix-critical-windows-crypto-vulnerability-b6c05e33a9cf for my own purposes
DG
04/06/2020, 9:34 PMThis gets applied and reboot status
DG
04/06/2020, 9:34 PMAlso make sure to include all "equivalent" KBs across your different OS versions - sometimes its not the number, so this uses a list