Alex Alborzfard
04/06/2020, 5:34 PM
I'm a newbie... Trying to write a one-time query to check if a specific Windows patch has been installed on all hosts or on specific hosts.
sundsta
04/06/2020, 5:42 PM
You can do this with the patches table. See
https://osquery.io/schema/4.2.0#patches
alessandrogario
04/06/2020, 7:01 PM
some additional info from Fritz:
https://osquery.slack.com/archives/C08V7KTJB/p1584022509164200
Alex Alborzfard
04/06/2020, 7:14 PM
So would this work:
Select * from Patches where csname=<hostname> AND hotfix_id=<kbname>
Also, where in Fritz's script is there an option to specify KB# and host name(s)?
DG
04/06/2020, 9:34 PM
I stole the query from:
https://blog.kolide.com/using-kolide-osquery-to-find-and-fix-critical-windows-crypto-vulnerability-b6c05e33a9cf
for my own purposes
This gets applied and reboot status
Also make sure to include all "equivalent" KBs across your different OS versions - sometimes it's not the number, so this uses a list