Help

Search on installed Network Service

Go to solution
ssavarese
New Contributor III

Posted on ‎11-08-2021 07:35 AM

Is it possible to search on the existence of a network service? I'm thinking of an extension attribute or smart group or something of the like.

We specifically want to track if the Cortex network service called "Cortex XDR Network Filter" is installed.

 

Screen Shot 2021-11-08 at 10.31.18 AM.png

 

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
ssavarese
New Contributor III
In response to ssavarese

Posted on ‎11-11-2021 05:16 AM

I just wanted to report back that this is working as intended. I had a typo in the above script. this script in this reply is working perfect for identifying if the Cortex Network Filter is installed and active. Thanks again to IamGroot.

---

#!/bin/bash

if grep -q "Cortex XDR" /Library/Preferences/com.apple.networkextension.plist; then
echo "<result>True</result>"
else
echo "<result>False</result>"
fi

View solution in original post

0 Kudos
4 REPLIES 4

Go to solution
IamGroot
New Contributor III

Posted on ‎11-08-2021 04:38 PM

Does it show up if you run the below command in Terminal?

networksetup listallnetworkservices

 

It looks like it's a content filter so it likely won't with that command. However if it does, you could do something like the below as an extension attribute script:

#!/bin/bash

cortexPresence=$(networksetup listallnetworkservices | grep "Cortex XDR")

if [ "$cortexPresence" == "Cortex XDR" ];then
echo "<result>True</result>"
else
echo "<result>False</result>"
fi

 

Go to solution
ssavarese
New Contributor III
In response to IamGroot

Posted on ‎11-09-2021 09:43 AM

So following the lead you started.. I thought to check the network plist file to see if the reference to the filter exists. and it does!

 

This code seems to do what I want it do

 

#!/bin/bash

if grep -q "Cortex XDR" /Library/Preferences/com.apple.networkextension.plist; then
echo true
else
echo false
fi

 

I guess Im left with the question of if this is reliable. It definitely works in testing. If I remove the filter I get a "false". if I add it back in I get a "true".

 

I'm going to play with it a bit more. but thank you again for the suggestion.

 

 

0 Kudos

Go to solution
ssavarese
New Contributor III
In response to ssavarese

Posted on ‎11-11-2021 05:16 AM

I just wanted to report back that this is working as intended. I had a typo in the above script. this script in this reply is working perfect for identifying if the Cortex Network Filter is installed and active. Thanks again to IamGroot.

---

#!/bin/bash

if grep -q "Cortex XDR" /Library/Preferences/com.apple.networkextension.plist; then
echo "<result>True</result>"
else
echo "<result>False</result>"
fi

0 Kudos

Go to solution
ssavarese
New Contributor III

Posted on ‎11-09-2021 07:15 AM

Thank you IamGroot. You are correct that it doesn't show up because it is a Content Filter. That did give me a lead though. I found some other people asking the same thing, but no clear solution yet. It did give me a better way to phrase the question at least. 

 

Ill continue looking. thanks!

0 Kudos