Is it possible to search on the existence of a network service? I'm thinking of an extension attribute or smart group or something of the like.
We specifically want to track if the Cortex network service called "Cortex XDR Network Filter" is installed.
Does it show up if you run the below command in Terminal?
networksetup listallnetworkservices
It looks like it's a content filter so it likely won't with that command. However if it does, you could do something like the below as an extension attribute script:
#!/bin/bash
cortexPresence=$(networksetup listallnetworkservices | grep "Cortex XDR")
if [ "$cortexPresence" == "Cortex XDR" ];then
echo "<result>True</result>"
else
echo "<result>False</result>"
fi
Thank you IamGroot. You are correct that it doesn't show up because it is a Content Filter. That did give me a lead though. I found some other people asking the same thing, but no clear solution yet. It did give me a better way to phrase the question at least.
Ill continue looking. thanks!
Does it show up if you run the below command in Terminal?
networksetup listallnetworkservices
It looks like it's a content filter so it likely won't with that command. However if it does, you could do something like the below as an extension attribute script:
#!/bin/bash
cortexPresence=$(networksetup listallnetworkservices | grep "Cortex XDR")
if [ "$cortexPresence" == "Cortex XDR" ];then
echo "<result>True</result>"
else
echo "<result>False</result>"
fi
So following the lead you started.. I thought to check the network plist file to see if the reference to the filter exists. and it does!
This code seems to do what I want it do
#!/bin/bash
if grep -q "Cortex XDR" /Library/Preferences/com.apple.networkextension.plist; then
echo true
else
echo false
fi
I guess Im left with the question of if this is reliable. It definitely works in testing. If I remove the filter I get a "false". if I add it back in I get a "true".
I'm going to play with it a bit more. but thank you again for the suggestion.
So following the lead you started.. I thought to check the network plist file to see if the reference to the filter exists. and it does!
This code seems to do what I want it do
#!/bin/bash
if grep -q "Cortex XDR" /Library/Preferences/com.apple.networkextension.plist; then
echo true
else
echo false
fi
I guess Im left with the question of if this is reliable. It definitely works in testing. If I remove the filter I get a "false". if I add it back in I get a "true".
I'm going to play with it a bit more. but thank you again for the suggestion.
I just wanted to report back that this is working as intended. I had a typo in the above script. this script in this reply is working perfect for identifying if the Cortex Network Filter is installed and active. Thanks again to IamGroot.
---
#!/bin/bash
if grep -q "Cortex XDR" /Library/Preferences/com.apple.networkextension.plist; then
echo "<result>True</result>"
else
echo "<result>False</result>"
fi
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.