09-18-2023 02:08 AM - edited 09-18-2023 02:12 AM
Hi Folks,
It’s me again 😀.
Have you ever wondered how to retrieve the extension / Add-on info on Windows for Edge & Firefox?
That’s right, JumpCloud System Insights doesn’t support these tables (yet).
However, I have found a way to get these data just as they say, every cloud has a silver lining.
Alright let’s get to it.
So here is the caveat - System Insights is leveraging a forked osquery agent to collect its data, the tables (by definition of osquery) are natively supported!
And since Edge has been using the chromium core - it’s a part of the same table with Chrome - as the `browser_type` suggests, this table actually supports many other browser too (pretty much all the “main-stream” ones on the market):
For Edge Extension:
.$env:ProgramFiles\jumpcloud\jcosqueryi.exe --json_pretty "select * from chrome_extensions where chrome_extensions.uid in(select uid from users) and browser_type in ('edge');"
For FireFox add-ons:
.$env:ProgramFiles\jumpcloud\jcosqueryi.exe --json_pretty "select * from firefox_addons where firefox_addons.uid in(select uid from users);"
Now, run the above cmd separately. And run the script below in your PowerShell console (not user’s device, nor JumpCloud cmd).
# -----------------------------------------------------------------------------
# Script: get-jcOSQueryResult.ps1
# Version: 1.0.3
# Author: Shawn Song
# Reference:
# - https://github.com/TheJumpCloud/jcapi-powershell/blob/master/SDKs/PowerShell/JumpCloud.SDK.V1/examples/Search-JcSdkCommandResult.md
#
# Notes: Always name your cmd with a proper naming covention.
# Requirements:
# - The latest JumpCloud PowerShell Module.
# - PowerShell 7 and above versions.
# -----------------------------------------------------------------------------
# Input the cmd name you use for querying the Edge/Firefox add-ons
$cmdName = "Edge Extensions - JCQSQuery" # Microsft Edge Browser
#$cmdName = "FF Add-ons - JCQSQuery" # Firefox Browser
Connect-JCOnline -JumpCloudApiKey "your-read-only-api-key" # Read-only permission is all you need!
#################################### Don't Change the code below this line ####################################
function get-jcOSQueryResults {
param (
[string]$cmdName
)
$commandsResultBody = @{
filter = @{
'and' = @("name:`$eq:$cmdName" )
}
fields = 'response.data.exitCode response.data.output system responseTime'
}| ConvertTo-Json -Depth 99
$results = Search-JcSdkCommandResult -body $commandsResultBody
return $results
}
function outputOSQReport {
# Build the array for outputting to csv
$outPutResults = @()
# Getting the cmd results with the json output
$results = get-jcOSQueryResults($cmdName)
# Getting the extension info from each cmd result
foreach ($r in $results){
$ext = $r.DataOutput | ConvertFrom-Json -Depth 99
foreach ($e in $ext){
$tempOutput = "" | select dataCollectTime,name,author,identifier,install_time,manifest_hash,path,permissions,profile,profile_path,version,systemID
$tempOutput.dataCollectTime = $r.responseTime
$tempOutput.name = $e.name
$tempOutput.author = $e.author
$tempOutput.identifier = $e.identifier
$tempOutput.install_time = $e.install_time
$tempOutput.manifest_hash = $e.manifest_hash
$tempOutput.path = $e.path
$tempOutput.permissions = $e.permissions
$tempOutput.profile = $e.profile
$tempOutput.profile_path = $e.profile_path
$tempOutput.version = $e.version
$tempOutput.systemID = $r.systemId
$outPutResults += $tempOutput
}
}
$outPutResults | Export-Csv ".\$((Get-Date).ToString("yyyyMMdd"))_ExtReport.csv"
}
outputOSQReport
It will output the report in csv format, and you will be able to easily filter through the data to find out when, where, and who installed what extension / add-ons.
And that’s it, hope it helps!
Have a great start to the week folks. 😉
P.S. a special shoutout to @BrightRodger for inspiring me this time around (again) - thanks buddy! 🙏
12-06-2023 03:34 PM
I have only just come across osquery so am excited to see what I can do with it, the classic issue though is find a way to get the data back to some kind of central console without having to create an application
New to the site? Take a look at these additional resources:
Ready to join us? You can register here.