This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Reboot Date & Time through python script

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Reboot Date & Time through python script

Go to solution
RFeyertag
L4 Transporter

‎02-20-2023 02:38 PM

Hello dear community, 

 

I wan't to check the boot time of server OS, because of windows updates. When they got installed and the system is not booted, it will get to an unstable status. 

 

 

This is a small script, which is reading the fqdn, hostname and reboot time. 

 

import socket
import psutil
import datetime
 
# returns the time in seconds since the epoch, the hostname and fqdn
last_reboot = psutil.boot_time()
host_name = socket.gethostname() 
fqdn = socket.getfqdn()
# converting the date and time in readable format and printing hostname, fqdn and last reboot time
print(host_name,";",fqdn,";",datetime.datetime.fromtimestamp(last_reboot))
 
My missing knowledge is how to get this data for hundred of servers in one readable table sorted by domain and reboot date/time etc. executing python script through cortex xdr pro action center? 
 
Please help to understand how I can reach my goal
 
Thanks! 
 
BR
 
Rob
0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
timurphy
L3 Networker

‎02-21-2023 07:56 AM

Hi @RFeyertag,

 

With a few changes to your code, it would be possible to retrieve this information as you suggested by running the Python script against your target endpoints via the Action Center. Rather than just printing the output, it would be better to return the values in a dictionary.

 

However, it is probably much easier to leverage XQL to find this information. Try using the following query and adjust as needed:

dataset = xdr_data
| filter event_type = ENUM.AGENT_STATUS and event_sub_type = ENUM.AGENT_STATUS_AGENT_BOOT
| fields agent_host_boot_time as Last_Reboot, agent_hostname
| alter Last_Reboot = to_timestamp(Last_Reboot, "MILLIS")
| dedup Last_Reboot by asc Last_Reboot 
| sort asc Last_Reboot

 

I hope this helps!

 

Regards,

Tim

View solution in original post

0 Likes Likes
3 REPLIES 3

Go to solution
timurphy
L3 Networker

‎02-21-2023 07:56 AM

Hi @RFeyertag,

 

With a few changes to your code, it would be possible to retrieve this information as you suggested by running the Python script against your target endpoints via the Action Center. Rather than just printing the output, it would be better to return the values in a dictionary.

 

However, it is probably much easier to leverage XQL to find this information. Try using the following query and adjust as needed:

dataset = xdr_data
| filter event_type = ENUM.AGENT_STATUS and event_sub_type = ENUM.AGENT_STATUS_AGENT_BOOT
| fields agent_host_boot_time as Last_Reboot, agent_hostname
| alter Last_Reboot = to_timestamp(Last_Reboot, "MILLIS")
| dedup Last_Reboot by asc Last_Reboot 
| sort asc Last_Reboot

 

I hope this helps!

 

Regards,

Tim

0 Likes Likes

Go to solution
RFeyertag
L4 Transporter
In response to timurphy

‎02-22-2023 01:29 PM

Hello @timurphy!

 

This is a great solution! 

I will prepare it for my self with the highest restart time and the group name. 

 

Thank you so much!

 

BR

 

Rob

0 Likes Likes

Go to solution
RFeyertag
L4 Transporter
In response to timurphy

‎02-22-2023 01:30 PM

Hello Tim,

 

This is a great solution! 

I will prepare it for my self with the highest restart time and the group name. 

 

Thank you so much!

 

BR

 

Rob

0 Likes Likes
  • 1 accepted solution
  • 1864 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks