Does anyone know of a way to programmatically gather what software exists on each employee's computer?


Hello!!! Does anyone know of a way to programmatically gather what software exists on each employee's computer? (Maybe via Chrome, Sophos, PowerShell... something else?) Now that I ask this, the answer is probably BetterCloud, but we have not moved forward yet 🙂 (specifically wanting to check for Microsoft programs)


13 replies


how are you managing your devices today?



Osquery can handle that.



If you have some kind of asset management or patching software that has an agent installed, the management console may be the easiest way to get this. If Windows, you can potentially use PowerShell to query the registry for a list of installed programs. This will essentially be what's in Add/Remove Programs, I believe.


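The registry query suggested in the reply above, as an added example that is not part of the original thread: it reads the `Uninstall` keys that back Add/Remove Programs and keeps entries whose publisher matches a wildcard. The function name `Get-InstalledSoftware`, the `Microsoft*` default filter and the CSV file name are assumptions chosen for illustration.

```powershell
# Added example, not from the thread. Lists software registered under the
# "Uninstall" registry keys (the data behind Add/Remove Programs).
function Get-InstalledSoftware {
    [CmdletBinding()]
    param(
        # Wildcard matched against Publisher. 'Microsoft*' is an assumption
        # based on the question; pass '*' to list everything.
        [string]$Publisher = 'Microsoft*'
    )

    $roots = @(
        # 64-bit, machine-wide installs
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        # 32-bit installs on a 64-bit OS
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        # per-user installs, only for the account running the script
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )

    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object {
            $_.DisplayName -and             # skip keys with no visible name
            $_.SystemComponent -ne 1 -and   # skip entries hidden from the UI
            $_.Publisher -like $Publisher
        } |
        ForEach-Object {
            [pscustomobject]@{
                ComputerName   = $env:COMPUTERNAME
                DisplayName    = $_.DisplayName
                DisplayVersion = $_.DisplayVersion
                Publisher      = $_.Publisher
                InstallDate    = $_.InstallDate
                Scope          = if ($_.PSPath -like '*HKEY_CURRENT_USER*') { 'User' } else { 'Machine' }
            }
        } |
        # The same product can appear under more than one root; keep one row.
        Sort-Object DisplayName, DisplayVersion -Unique
}

# One CSV per machine, ready to be collected by whatever agent runs the script.
Get-InstalledSoftware |
    Export-Csv -Path ".\$env:COMPUTERNAME-software.csv" -NoTypeInformation
```

Microsoft Store (AppX/MSIX) packages are not registered under these keys, so they need a separate `Get-AppxPackage` query. The `HKCU` root only reflects the user the script runs as, so a script run as SYSTEM by a management agent will miss per-user installs.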

I wouldn't think BC would be helpful in this scenario for local installations, only connected SaaS apps. I would fall back to @greg.hupke’s comment about MDM solution or something. For instance, ours has "inventory queries" and you can list all Applications into a CSV export.




Alternatively, if you're using some type of vulnerability management tool (Rapid7, Qualys, etc.), they usually report installed applications also.




+1 for osquery, open source and really strong community. Fantastic for investigations, and combined with your SIEM it can alert on installed software and versions you flag as risky or that have a zero-day.




kolide.com is a great option if you want to get robust insights & also have your users involved/empowered in the security process.
is a great open source osquery fleet manager, originally made by Kolide & now maintained by one of their former engineers.




We use Kolide and it's super quick to get started, but we will probably transition to Fleet over time so we have a holistic view of servers and endpoints. Also because we want to bring more apps inside our cloud for better security. At a past job we used Jamf to install the osquery agent on each endpoint, and then StreamAlert + SumoLogic handled the query/alert part.




We are able to see our installed software from four places: endpoint management (through JumpCloud System Insights), patch management (Automox), inventory system agent, and vulnerability tool (Rapid7). It’s probably overkill, but 🤷




Rose's answers seem to usually be delightfully overkill, y'all are running a good shop 🙂




haha we try. honestly nowadays we’re trying to figure out where we can trim down some of the redundancy, since as tools have matured the overlap has increased over time… I think we’re going to get rid of the inventory agent and start pulling information from the other three into an “automated” inventory spreadsheet.




that’s the dream, anyway.




If only fewer products did more things beyond mediocre.


