Analysis - Report New Installed Applications

Am trying to develop an analysis that can detect new applications installed, and that can show the name of the application,version, .


1 Like

Try something like this:
(description of it, time generated of it, user sid of it) of records whose (event id of it = 1033 AND now - time generated of it < 1*day AND source of it contains “MsiInstaller”) of application event log

This seems to work. I was looking at another conversation. Some one posted this code. The analysis tool is trying to jam too much information in one single line. Is there a way to separate the results for a given computer using two separate columns or two separate rows. If is two separate columns, on column could be showing the first application recently installed, and the second column could be showing the second installed application. I just want to limit the report to a single day and probably most recent application(s). Usually, we only push one application for all our computer, per day.

((it as string as trimmed string) of values “DisplayName” of it, (it as string as trimmed string) of values “InstallDate” of it) whose( 7*day >= ( (current date - (it as date) of (last 2 of it & " " & (substring (4,2) of it as integer as month as three letters) & " " & first 4 of it) ) of item 1 of it ) ) of keys of keys “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall” of (x64 registries;x32 registries)

1 Like