Liongard Library


Categories Windows Server
Created by Lamont Largie
Created on Sep 5, 2024

Windows Server: AV/EDR - Sophos, Huntress, Defender Installed

Windows Server: Software Compliance - Sophos, Huntress, Defender Installed

Category: Software Compliance

Description:
This metric pulls a list of all installed software from endpoints, specifically filtering for security-related software such as Sophos, Huntress, and Microsoft Defender. It displays both the software name and its version number.


Purpose:

The purpose of this metric is to ensure that critical security software is installed, up to date, and actively running on devices in the environment. This helps to maintain a robust security posture by confirming the presence of essential endpoint protection solutions.


How It Works:

The metric queries the software inventory from connected endpoints using JMESPath. It filters for software whose name contains "Sophos," "Huntress," or "Defender" and then returns the Name and DisplayVersion fields for each match. This allows teams to monitor the specific security software deployed across their managed devices.


Beneficiaries:

  • MSPs (Managed Service Providers): To ensure compliance with endpoint security policies.

  • Security Teams: To track the versioning and presence of endpoint protection software.

  • Compliance Officers: To verify that security software requirements are met for regulatory or internal audit purposes.

Notes for Quick Modifications:

  • Add more security vendors: To cover other security solutions, append another || contains(Name, 'YourSoftware') clause to the filter in the query for each additional product name.

  • Filter by specific versions: If there is a need to ensure all devices run a particular version of the software, you can add an additional filter for DisplayVersion in the query.

Why Make Changes:

  • Customizing for your toolset: If your organization uses additional security tools beyond Sophos, Huntress, or Defender, expanding the query ensures those tools are monitored as well.

  • Version-specific filtering: Keeping software updated is a critical security task, so adding version-specific checks will help ensure all endpoints run the latest secure versions.

Query

Software[?contains(Name,'Sophos') || contains(Name,'Huntress') || contains(Name,'Defender')].[['Name:', Name], ['Version:', DisplayVersion], ['--']][]
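As an added example (not part of the original entry and not Liongard code), the Python sketch below applies the same Name match to a constructed inventory and adds the checks the notes point toward: a minimum version per vendor, and a finding when no product matches at all, which the query reports only as an empty result. The check_server and version_key helpers, the min_versions parameter and the sample rows are assumptions for illustration; only Software, Name and DisplayVersion come from the query.

```python
import re

# Vendor substrings from the page's query; extend as the notes describe.
VENDORS = ("Sophos", "Huntress", "Defender")

def version_key(v):
    """Turn '2023.2.1.5' into (2023, 2, 1, 5) so versions compare numerically."""
    return tuple(int(n) for n in re.findall(r"\d+", v or ""))

def check_server(software, vendors=VENDORS, min_versions=None):
    """Return (matches, findings) for one server's Software list.

    matches  - (Name, DisplayVersion) pairs, same selection as the metric
    findings - reasons the server needs attention; empty means compliant
    """
    min_versions = min_versions or {}
    matches, findings = [], []
    for item in software:
        name = item.get("Name") or ""   # inventory rows can lack a Name
        vendor = next((v for v in vendors if v in name), None)
        if vendor is None:
            continue
        version = item.get("DisplayVersion")
        matches.append((name, version))
        floor = min_versions.get(vendor)
        if floor and version_key(version) < version_key(floor):
            findings.append(f"{name} {version} is below required {floor}")
    if not matches:
        findings.append("no AV/EDR product found in software inventory")
    return matches, findings

# Constructed sample inventories (hypothetical rows, not real data).
SRV01 = [
    {"Name": "Sophos Endpoint Agent", "DisplayVersion": "2023.1.0.9"},
    {"Name": "Huntress Agent", "DisplayVersion": "0.13.150"},
    {"Name": "7-Zip 23.01 (x64)", "DisplayVersion": "23.01"},
]
SRV02 = [
    {"Name": None, "DisplayVersion": "1.0"},
    {"Name": "Google Chrome", "DisplayVersion": "126.0.6478.127"},
]

if __name__ == "__main__":
    for host, inv in (("SRV01", SRV01), ("SRV02", SRV02)):
        print(host, *check_server(inv, min_versions={"Sophos": "2023.2"}), sep="\n  ")
```

A match here, as in the metric, shows that the product is present in the software inventory; it does not show that its service is running.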
