XDR & Java installs

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

XDR & Java installs

L0 Member

With the upcoming Oracle Java license changes, I'm looking into using XQL to report on existing installs, and potentially a process based BIOC to block new installs which would incur a licensing fee. 

Anyone familiar with Java know how to differentiate between openJDK installs and OracleJDK installs?

4 REPLIES 4

L5 Sessionator

Hello @p.Dugan005079 ,

 

Thanks for reaching out on LiveCommunity!

 

You can start with preset = host_inventory_applications  and filter with Application Name.

 

To block the installation, you can refer to below:

https://live.paloaltonetworks.com/t5/cortex-xdr-articles/cortex-xdr-poc-software-installations-block...

 

If you feel this has answered your query, please let us know by clicking on "mark this as a Solution". Thank you.

Ashutosh Patil

L4 Transporter

Hi,
For detect i used this query:

config case_sensitive = false timeframe=365d
| dataset = host_inventory
| filter applications != null
| arrayexpand applications
| alter applicationsName=json_extract(applications, "$.application_name")
| alter applicationsVersion=json_extract(applications, "$.version")
| filter applications contains "Java"
|fields applicationsName, applicationsVersion, ip_addresses, host_name

If this post answers your question, please mark it as the solution.




Best regards
Tiago Marques

L0 Member

@aspatil @tlmarques 
Thank you for input but niether of those replies are helpful. I am well aware of which datasets are available, how to use XQL, and how to block processes and installs with XDR. 
The question is primarily about identifying which instances would incur a fee due to Oracle's upcoming licensing change - "Anyone familiar with Java know how to differentiate between openJDK installs and OracleJDK installs?"

You can reach out to Oracle Team directly regarding your query. As being the Third Party Vendor we couldn't help identifying which instances would incur a fee due to Oracle's upcoming licensing change.  

Ashutosh Patil
  • 344 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!