Creating Smart Group for out of date Crowdstrike versions

cnixon14
New Contributor III

I am trying to create a smart group of machines with CS versions that are not "5.%" or "6.%" (%s being wildcards). This is what I have right now but the smart group populates with all machines on the network.

371d522154b84628ae857167470c1222

Has anyone successfully created a smart group based on the version number that the machine is running? Thanks!

2 REPLIES 2

sdagley
Esteemed Contributor II

@cnixon14 The forum software makes it really hard to embed a regex, so this will take a little work...

Use Match Version Number or Higher.bash to generate a regex for version 5.6 or higher.

Then change to a single Criteria:"Falcon Sensor Version" Operator:"does not match regex" Value:"The regex generated by Match Version Number or Higher.bash"

mm2270
Legendary Contributor III

You should probably switch the modifier to "does not match regex" instead of the "is not" modifier. And use something like ^[5-6].* That should find any version that doesn't start with a 5. or 6.

You might have to add in some other criteria in case the extension attribute you're using returns something like Not Installed, as mine does, or if it's blank (i.e. a machine hasn't checked in with new inventory in a long while)

Edit: @sdagley beat me to it. Same idea.