topic Reboot Date & Time through python script in Cortex XDR Discussions

Reboot Date & Time through python script

RFeyertag — Mon, 20 Feb 2023 22:38:32 GMT

Hello dear community,

I wan't to check the boot time of server OS, because of windows updates. When they got installed and the system is not booted, it will get to an unstable status.

This is a small script, which is reading the fqdn, hostname and reboot time.

import socket

import psutil

import datetime

# returns the time in seconds since the epoch, the hostname and fqdn

last_reboot = psutil.boot_time()

host_name = socket.gethostname()

fqdn = socket.getfqdn()

# converting the date and time in readable format and printing hostname, fqdn and last reboot time

print(host_name,";",fqdn,";",datetime.datetime.fromtimestamp(last_reboot))

My missing knowledge is how to get this data for hundred of servers in one readable table sorted by domain and reboot date/time etc. executing python script through cortex xdr pro action center?

Please help to understand how I can reach my goal

Thanks!

Rob

Re: Reboot Date & Time through python script

timurphy — Tue, 21 Feb 2023 15:56:25 GMT

Hi @RFeyertag,

With a few changes to your code, it would be possible to retrieve this information as you suggested by running the Python script against your target endpoints via the Action Center. Rather than just printing the output, it would be better to return the values in a dictionary.

However, it is probably much easier to leverage XQL to find this information. Try using the following query and adjust as needed:

dataset = xdr_data | filter event_type = ENUM.AGENT_STATUS and event_sub_type = ENUM.AGENT_STATUS_AGENT_BOOT | fields agent_host_boot_time as Last_Reboot, agent_hostname | alter Last_Reboot = to_timestamp(Last_Reboot, "MILLIS") | dedup Last_Reboot by asc Last_Reboot | sort asc Last_Reboot

I hope this helps!

Regards,

Tim

Re: Reboot Date & Time through python script

RFeyertag — Wed, 22 Feb 2023 21:29:35 GMT

Hello @timurphy!

This is a great solution!

I will prepare it for my self with the highest restart time and the group name.

Thank you so much!

Rob

Re: Reboot Date & Time through python script

RFeyertag — Wed, 22 Feb 2023 21:30:11 GMT

Hello Tim,

This is a great solution!

I will prepare it for my self with the highest restart time and the group name.

Thank you so much!

Rob