This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Disclaimer
JUMPCLOUD EXPRESSLY DISCLAIMS ALL REPRESENTATIONS, WARRANTIES, CONDITIONS, AND LIABILITIES OF ANY KIND ARISING FROM OR RELATED TO THIRD-PARTY SOFTWARE, SCRIPTS, REPOSITORIES, AND APIS. JUMPCLOUD IS NOT REQUIRED TO SUPPORT ANY SUCH THIRD-PARTY MATERIALS AND ALL RISKS RELATED TO THIRD-PARTY MATERIALS ARE YOUR RESPONSIBILITY. PLEASE ALSO REVIEW THE JUMPCLOUD TOS.

Get Edge Extension & Firefox Add-on Info On Windows

shawnsong
Rising Star III
Rising Star III

‎09-18-2023 02:08 AM - edited ‎09-18-2023 02:12 AM

Hi Folks,

It’s me again 😀.

Have you ever wondered how to retrieve the extension / Add-on info on Windows for Edge & Firefox?  

That’s right, JumpCloud System Insights doesn’t support these tables (yet). 

shawnsong_0-1695017087483.png

However, I have found a way to get these data just as they say, every cloud has a silver lining. 

Alright let’s get to it. 

Setting Up in JC Cmd

So here is the caveat - System Insights is leveraging a forked osquery agent to collect its data, the tables (by definition of osquery) are natively supported!

  • This is the table for FF add-ons.

And since Edge has been using the chromium core - it’s a part of the same table with Chrome - as the `browser_type` suggests, this table actually supports many other browser too (pretty much all the “main-stream” ones on the market):

shawnsong_1-1695017120032.png

For Edge Extension

  • Create a JC cmd and take a note on the cmd name.
  • Copy & paste the code below to the cmd body. 
  • Recommended to set to run manually.
  • Bind to Windows devices and save it. shawnsong_2-1695017140268.png
     .$env:ProgramFiles\jumpcloud\jcosqueryi.exe --json_pretty "select * from chrome_extensions where chrome_extensions.uid in(select uid from users) and browser_type in ('edge');"

     

For FireFox add-ons:

  • Follow the steps above to create the JC cmd.
  • Copy & paste the code below to the cmd body instead. 
     .$env:ProgramFiles\jumpcloud\jcosqueryi.exe --json_pretty "select * from firefox_addons where firefox_addons.uid in(select uid from users);"​

 

Next

Now, run the above cmd separately. And run the script below in your PowerShell console (not user’s device, nor JumpCloud cmd).

 

# -----------------------------------------------------------------------------
# Script: get-jcOSQueryResult.ps1
# Version: 1.0.3
# Author: Shawn Song
# Reference: 
#  -  https://github.com/TheJumpCloud/jcapi-powershell/blob/master/SDKs/PowerShell/JumpCloud.SDK.V1/examples/Search-JcSdkCommandResult.md
# 
# Notes: Always name your cmd with a proper naming covention.
# Requirements:
# - The latest JumpCloud PowerShell Module.
# - PowerShell 7 and above versions. 
# -----------------------------------------------------------------------------

# Input the cmd name you use for querying the Edge/Firefox add-ons
$cmdName = "Edge Extensions - JCQSQuery" # Microsft Edge Browser 
#$cmdName = "FF Add-ons - JCQSQuery" # Firefox Browser
Connect-JCOnline -JumpCloudApiKey "your-read-only-api-key" # Read-only permission is all you need!

#################################### Don't Change the code below this line ####################################
function get-jcOSQueryResults {
    param (
        [string]$cmdName
    )
    $commandsResultBody = @{
        filter = @{
            'and' = @("name:`$eq:$cmdName" )
        }
        fields = 'response.data.exitCode response.data.output system responseTime'
    }| ConvertTo-Json -Depth 99
    $results = Search-JcSdkCommandResult -body $commandsResultBody 
    return $results
}

function outputOSQReport {
    # Build the array for outputting to csv
    $outPutResults = @()

    # Getting the cmd results with the json output
    $results = get-jcOSQueryResults($cmdName)

    # Getting the extension info from each cmd result
    foreach ($r in $results){
        $ext = $r.DataOutput | ConvertFrom-Json -Depth 99 
        foreach ($e in $ext){
            $tempOutput = "" | select dataCollectTime,name,author,identifier,install_time,manifest_hash,path,permissions,profile,profile_path,version,systemID
            
            $tempOutput.dataCollectTime = $r.responseTime
            $tempOutput.name = $e.name
            $tempOutput.author = $e.author
            $tempOutput.identifier = $e.identifier
            $tempOutput.install_time  = $e.install_time
            $tempOutput.manifest_hash = $e.manifest_hash
            $tempOutput.path = $e.path
            $tempOutput.permissions = $e.permissions
            $tempOutput.profile = $e.profile
            $tempOutput.profile_path = $e.profile_path
            $tempOutput.version = $e.version
            $tempOutput.systemID = $r.systemId
            $outPutResults += $tempOutput
        }
    }
    $outPutResults | Export-Csv ".\$((Get-Date).ToString("yyyyMMdd"))_ExtReport.csv"
    
}

outputOSQReport

 

It will output the report in csv format, and you will be able to easily filter through the data to find out when, where, and who installed what extension / add-ons.

shawnsong_3-1695017255251.png

 

And that’s it, hope it helps! 

Have a great start to the week folks. 😉

P.S. a special shoutout to @BrightRodger for inspiring me this time around (again)  - thanks buddy! 🙏

 

 

Labels:
1 REPLY 1

ncarmichael
Rising Star II

‎12-06-2023 03:34 PM

I have only just come across osquery so am excited to see what I can do with it, the classic issue though is find a way to get the data back to some kind of central console without  having to create an application

0 Kudos
You Might Like

New to the site? Take a look at these additional resources:

Community created scripts:

Our new Radical Admin blog:

Keep up with Product News:

Read our community guidelines

Ready to join us? You can register here.