Hi #general I am trying to build a query to evaluate if the CrowdStrike agent process is running for both Big Sur and previous OS, but I am not being very successful. Here is the query I've built:

SELECT * FROM processes WHERE name='com.crowdstrike.falcon.Agent' OR 'falcond' AND (state='R' OR '82');

The process name com.crowdstrike.falcon.Agent is only present in BigSur but not in previous OS versions. Previous OSs, the process is called falcond. In other words, I need to be able to evaluate which one is true, but the above query is only working in BigSur. Any ideas on how to improve this query? Thank you

Maybe you're looking for

SELECT * FROM processes WHERE name IN ('com.crowdstrike.falcon.Agent', 'falcond') AND state IN ('R', '82');

Thank you @zwass That's exactly it. It worked like a charm. Thank you sir. Much appreciated 😉

@William Guilherme, @zwass gave you the right answer. Just so that you know the reason that your original query was not working as you intended; you need to discretely specify the column for any

OR

condition. So where you have

AND (state='R' OR '82')

if you wanted to use

OR

instead of

IN

you would need to write:

AND (state='R' OR state ='82')

Thank you @fritz Much appreciated mate.