This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

How to check powershell version at cortex XDR

cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to check powershell version at cortex XDR

Go to solution
G.Cai500031
L1 Bithead

‎04-14-2025 11:12 PM

Hi everyone,

 

I'm a beginner of Cortex XDR.

 

I need to confirm what devices have older versions of powershell installed and when I search for apps named powershell using host inventory I can only get 300+ results for powershell 7.

I changed some keywords, i seems all other versions below powershell 7 are not searchable.

And I tried to use query builder to find files named powershell I could find more than 8000 results, apparently cortex is able to find older versions of powershell I just don't know the right way to do it.

 

Cortex XDR  

 

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
aspatil
L6 Presenter

‎04-15-2025 10:29 PM

Hello @G.Cai500031 ,

 

You may try below:
dataset = host_inventory
| filter applications != null
| arrayexpand applications
| alter app_name = json_extract(applications, "$.application_name"),
app_version = json_extract(applications, "$.version")
| filter app_name contains "powershell"
| filter app_version < "7"
| fields host_name, app_name, app_version
| sort asc host_name

 

If you feel this has answered your query, please let us know by clicking like and  on "mark this as a Solution". Thank you.

Ashutosh Patil

View solution in original post

4 REPLIES 4

Go to solution
aspatil
L6 Presenter

‎04-15-2025 10:29 PM

Hello @G.Cai500031 ,

 

You may try below:
dataset = host_inventory
| filter applications != null
| arrayexpand applications
| alter app_name = json_extract(applications, "$.application_name"),
app_version = json_extract(applications, "$.version")
| filter app_name contains "powershell"
| filter app_version < "7"
| fields host_name, app_name, app_version
| sort asc host_name

 

If you feel this has answered your query, please let us know by clicking like and  on "mark this as a Solution". Thank you.

Ashutosh Patil

Go to solution
G.Cai500031
L1 Bithead

‎04-16-2025 07:56 PM

Hi Aspatil,

Thank you for your reply.

I tried these commod but can only find 285 results.

It seems in the data set of host invebtory only have powershell 7 's information.画像 (1).png.

画像.png

0 Likes Likes

Go to solution
aspatil
L6 Presenter

‎04-17-2025 12:11 AM

There is a filter applied to display versions less that 7. You can modify it as per your requirement.

Ashutosh Patil
0 Likes Likes

Go to solution
G.Cai500031
L1 Bithead
In response to aspatil

‎04-17-2025 12:24 AM

I do use the filter. But no result found.

It seems Cortex didn't collect all the information.

Anyway, thank you for your answer. 🙂

画像 (2).png

 

0 Likes Likes
  • 1 accepted solution
  • 559 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks