cancel
Showing results for 
Search instead for 
Did you mean: 
Disclaimer
JUMPCLOUD EXPRESSLY DISCLAIMS ALL REPRESENTATIONS, WARRANTIES, CONDITIONS, AND LIABILITIES OF ANY KIND ARISING FROM OR RELATED TO THIRD-PARTY SOFTWARE, SCRIPTS, REPOSITORIES, AND APIS. JUMPCLOUD IS NOT REQUIRED TO SUPPORT ANY SUCH THIRD-PARTY MATERIALS AND ALL RISKS RELATED TO THIRD-PARTY MATERIALS ARE YOUR RESPONSIBILITY. PLEASE ALSO REVIEW THE JUMPCLOUD TOS.

Get Edge Extension & Firefox Add-on Info On Windows

shawnsong
Rising Star III
Rising Star III

Hi Folks,

It’s me again 😀.

Have you ever wondered how to retrieve the extension / Add-on info on Windows for Edge & Firefox?  

That’s right, JumpCloud System Insights doesn’t support these tables (yet). 

shawnsong_0-1695017087483.png

However, I have found a way to get these data just as they say, every cloud has a silver lining. 

Alright let’s get to it. 

Setting Up in JC Cmd

So here is the caveat - System Insights is leveraging a forked osquery agent to collect its data, the tables (by definition of osquery) are natively supported!

  • This is the table for FF add-ons.

And since Edge has been using the chromium core - it’s a part of the same table with Chrome - as the `browser_type` suggests, this table actually supports many other browser too (pretty much all the “main-stream” ones on the market):

shawnsong_1-1695017120032.png

For Edge Extension

  • Create a JC cmd and take a note on the cmd name.
  • Copy & paste the code below to the cmd body. 
  • Recommended to set to run manually.
  • Bind to Windows devices and save it. shawnsong_2-1695017140268.png
     .$env:ProgramFiles\jumpcloud\jcosqueryi.exe --json_pretty "select * from chrome_extensions where chrome_extensions.uid in(select uid from users) and browser_type in ('edge');"

     

For FireFox add-ons:

  • Follow the steps above to create the JC cmd.
  • Copy & paste the code below to the cmd body instead. 
     .$env:ProgramFiles\jumpcloud\jcosqueryi.exe --json_pretty "select * from firefox_addons where firefox_addons.uid in(select uid from users);"​

 

Next

Now, run the above cmd separately. And run the script below in your PowerShell console (not user’s device, nor JumpCloud cmd).

 

# -----------------------------------------------------------------------------
# Script: get-jcOSQueryResult.ps1
# Version: 1.0.3
# Author: Shawn Song
# Reference: 
#  -  https://github.com/TheJumpCloud/jcapi-powershell/blob/master/SDKs/PowerShell/JumpCloud.SDK.V1/examples/Search-JcSdkCommandResult.md
# 
# Notes: Always name your cmd with a proper naming covention.
# Requirements:
# - The latest JumpCloud PowerShell Module.
# - PowerShell 7 and above versions. 
# -----------------------------------------------------------------------------

# Input the cmd name you use for querying the Edge/Firefox add-ons
$cmdName = "Edge Extensions - JCQSQuery" # Microsft Edge Browser 
#$cmdName = "FF Add-ons - JCQSQuery" # Firefox Browser
Connect-JCOnline -JumpCloudApiKey "your-read-only-api-key" # Read-only permission is all you need!

#################################### Don't Change the code below this line ####################################
function get-jcOSQueryResults {
    param (
        [string]$cmdName
    )
    $commandsResultBody = @{
        filter = @{
            'and' = @("name:`$eq:$cmdName" )
        }
        fields = 'response.data.exitCode response.data.output system responseTime'
    }| ConvertTo-Json -Depth 99
    $results = Search-JcSdkCommandResult -body $commandsResultBody 
    return $results
}

function outputOSQReport {
    # Build the array for outputting to csv
    $outPutResults = @()

    # Getting the cmd results with the json output
    $results = get-jcOSQueryResults($cmdName)

    # Getting the extension info from each cmd result
    foreach ($r in $results){
        $ext = $r.DataOutput | ConvertFrom-Json -Depth 99 
        foreach ($e in $ext){
            $tempOutput = "" | select dataCollectTime,name,author,identifier,install_time,manifest_hash,path,permissions,profile,profile_path,version,systemID
            
            $tempOutput.dataCollectTime = $r.responseTime
            $tempOutput.name = $e.name
            $tempOutput.author = $e.author
            $tempOutput.identifier = $e.identifier
            $tempOutput.install_time  = $e.install_time
            $tempOutput.manifest_hash = $e.manifest_hash
            $tempOutput.path = $e.path
            $tempOutput.permissions = $e.permissions
            $tempOutput.profile = $e.profile
            $tempOutput.profile_path = $e.profile_path
            $tempOutput.version = $e.version
            $tempOutput.systemID = $r.systemId
            $outPutResults += $tempOutput
        }
    }
    $outPutResults | Export-Csv ".\$((Get-Date).ToString("yyyyMMdd"))_ExtReport.csv"
    
}

outputOSQReport

 

It will output the report in csv format, and you will be able to easily filter through the data to find out when, where, and who installed what extension / add-ons.

shawnsong_3-1695017255251.png

 

And that’s it, hope it helps! 

Have a great start to the week folks. 😉

P.S. a special shoutout to @BrightRodger for inspiring me this time around (again)  - thanks buddy! 🙏

 

 

1 REPLY 1

ncarmichael
Rising Star II

I have only just come across osquery so am excited to see what I can do with it, the classic issue though is find a way to get the data back to some kind of central console without  having to create an application

You Might Like

New to the site? Take a look at these additional resources:

Community created scripts:

Our new Radical Admin blog:

Keep up with Product News:

Read our community guidelines

Ready to join us? You can register here.