Query to get Installed date of apps on apps table
Following query can be used to get the installed date of apps
The installed date of apps on 'apps' table will be available from 5.10.x Uptycs Osquery release.
- select path, datetime(date_added_time,'unixepoch') as app_installed_time from apps
Here 'date_added_time' is the app installed time, which we are going to provide.
For assets running on lower osquery versions, you can take help of the below query to fetch the installed date from 'apps' table:
- select filename, path, datetime(btime,'unixepoch') from file as app_installed_time where path in ( select path from apps )
Here 'btime' is the birth time of the file/app, which we already provide.
Related Articles
SQL Query to get list of S3 buckets exposed to internet
WITH nested_acl_grants as ( select *, contains( transform( CAST(acl_grants AS ARRAY < JSON >), a -> json_extract_scalar(a, '$.Grantee.URI') in ( 'http://acs.amazonaws.com/groups/global/AllUsers', ...
Sql query to find the asset-activity within the given time stamps
please find the below query for finding the list of commands executed along with the user and cmd line and key attributes you can add multiple tables based on your needs ,in this query added only 5 tables which are mostly used you can also modify the ...
Query to Retrieve Asset Restart Counts and Reasons for Specific Time Intervals / a specific day
This SQL query is designed to retrieve the number of restarts by assets and their reasons for restarts within a specified time interval. The query allows you to choose the date or time interval by replacing the {required_date} placeholder with your ...
Queries in Uptycs Global Investigation Page from Detection and Alerts table
Leveraging SQL queries within the Global Investigation page allows users to extract precise insights regarding detections. Below, we've compiled a set of SQL queries tailored to fulfill various investigative needs: 1. Query for Total Assets by ...
SQL query to fetch all the details of assets
SQL query to fetch the instance id, tags ,last activity ,OS, OS version ,Last enrolled ,OSQ version, Gateway IP ,Interface Name ,IP ,asset group select ua.host_name as Hostname, ua.id as InstanceID, ua.tags as TAGS, ua.last_activity_at as ...