+2Hey All:
Thanks in advance for the help.
I'm trying to see what computers I have in my environment without our Crowdstrike agent installed on them.
I'm guessing the only way is scripting this through an extensible attribute (EA).
if [ -e /library/CS/ ]; then
echo "<result>Has Alias</result>"
else
echo "<result>Does Not Have Alias</result>"
fi
The EA only shows up blank.
Anything I'm doing wrong?
+11Try this one, works for me perfect:
#!/bin/bash###
Variables
###
user=ls -la /dev/console | cut -d " " -f 4result=() filesFound=0 suspiciousFiles=( "YOUR FILE OR FOLDER HERE" )###
Script
###
for suspiciousFile in "${suspiciousFiles[@]}"; do echo "Looking for $suspiciousFile" if [ -e "$suspiciousFile" ]; then filesFound=$(expr $filesFound 1) result=("$suspiciousFile") fi done if [ $filesFound -ne 0 ]; then echo "<result>"Yes: "${result[@]}</result>" else echo "<result>No</result>" fi exit
+5Update to a later version of Crowdstrike and it becomes an app, not just a binary.
If you're not able to update from 6.15 or older, we used to use the below in an extension attribute:
Returns version of CS agent if 6.15 or older.
#!/bin/sh
RESULT="False"
if [ -f "/Library/CS/falconctl" ] ; then
RESULT=$( sysctl cs.version | awk '{print $2}' )
fi
echo "<result>$RESULT</result>"If the EA is turning up blank on your machines, it's likely that they haven't done an inventory (recon) run yet. Have you checked if machines with blank values have done an Inventory run since configuring the EA?
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.