This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Find computers with specific registry key

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Find computers with specific registry key

Go to solution
Piotr_Kowalczyk
L3 Networker

‎10-17-2023 03:44 AM

Hi,

Is it possible to find computers which have specific registry key set to particular value using Cortex XDR? I'm not looking for registry modification just for existence. If so, could you tell me how to do this please?

0 Likes Likes
2 accepted solutions

Accepted Solutions

Go to solution
jmazzeo
L5 Sessionator

‎10-17-2023 06:53 AM - edited ‎10-17-2023 06:53 AM

Hi @Piotr_Kowalczyk , thanks for using the Live Community!

 

The Cortex XDR Console comes with a script to check the value of a registry entry:

 

jmazzeo_0-1697550664646.png

You set the path, and this will return the value, and type.

 

If you need to receive a "Exists/Non-exists" return answer from a particular key and the value, then a custom script will be the approach to solve it.

JM

View solution in original post

Go to solution
jmazzeo
L5 Sessionator
In response to Piotr_Kowalczyk

‎10-17-2023 07:10 AM

@Piotr_Kowalczyk you don't need to connect to each computer!

  • The script can be run from Incident Response -> Action Center -> Agent Script Library, then look for the script and select Run.

 

jmazzeo_0-1697551392520.png

  • Then set the registry key.

jmazzeo_1-1697551505426.png

 

  • And define the target, can be many endpoints at the same time. You only need to select the right filter, can be wildcard like when you assign a profile with the policy.

 

jmazzeo_2-1697551606433.png

(this example is my test VM, based in my prefix "JM")

 

  • Click NEXT, review the settings and click "Run".

 

  • You can see the result in the Action Center - All Actions with right-click -> Additional Data.

jmazzeo_3-1697551835858.png

 

JM

View solution in original post

4 REPLIES 4

Go to solution
jmazzeo
L5 Sessionator

‎10-17-2023 06:53 AM - edited ‎10-17-2023 06:53 AM

Hi @Piotr_Kowalczyk , thanks for using the Live Community!

 

The Cortex XDR Console comes with a script to check the value of a registry entry:

 

jmazzeo_0-1697550664646.png

You set the path, and this will return the value, and type.

 

If you need to receive a "Exists/Non-exists" return answer from a particular key and the value, then a custom script will be the approach to solve it.

JM

Go to solution
Piotr_Kowalczyk
L3 Networker
In response to jmazzeo

‎10-17-2023 07:00 AM

Thank you for your reply.

 

My understanding is that this will require to connect with console to particular machine? If so, unfortunately this is not solution which I'm looking for as I need to find all computers (perhaps a few hundreds) which have particular registry value. 

0 Likes Likes

Go to solution
jmazzeo
L5 Sessionator
In response to Piotr_Kowalczyk

‎10-17-2023 07:10 AM

@Piotr_Kowalczyk you don't need to connect to each computer!

  • The script can be run from Incident Response -> Action Center -> Agent Script Library, then look for the script and select Run.

 

jmazzeo_0-1697551392520.png

  • Then set the registry key.

jmazzeo_1-1697551505426.png

 

  • And define the target, can be many endpoints at the same time. You only need to select the right filter, can be wildcard like when you assign a profile with the policy.

 

jmazzeo_2-1697551606433.png

(this example is my test VM, based in my prefix "JM")

 

  • Click NEXT, review the settings and click "Run".

 

  • You can see the result in the Action Center - All Actions with right-click -> Additional Data.

jmazzeo_3-1697551835858.png

 

JM

Go to solution
Piotr_Kowalczyk
L3 Networker

‎10-17-2023 07:45 AM

This is exactly what I was looking for! Thank you!

  • 2 accepted solutions
  • 1717 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks