I posted the relevance over on Reddit, but I’ll post it here as well. I have some other properties I pull (CID License Keys (we have two environments so it helps to keep track of which endpoints are connected to which system. If you want them, let me know.
On Linux systems you need to run a Task to export the Version information. I haven’t found it in any files other than where I export it to …
If (Windows of Operating System) THEN (IF (Exists Folder "C:\Program Files\CrowdStrike") THEN (Version of File "CSFalconService.exe" of Folder "C:\Program Files\CrowdStrike") as String ELSE (NOTHING)) ELSE (IF (Mac of Operating System) THEN (IF (Exists Folder "/Library/CS/kexts") THEN ((string "CFBundleShortVersionString" of dictionary of file "/Library/CS/kexts/Agent.kext/Contents/Info.plist") AS String) ELSE (IF (Exists Folder "/Library/CS/kexts") THEN ((string "CFBundleShortVersionString" of dictionary of file "/Library/CS/kexts/Agent.kext/Contents/Info.plist") AS String) ELSE (IF (Exists Folder "/Applications/Falcon.app/Contents") THEN ((string "CFBundleShortVersionString" of dictionary of file "/Applications/Falcon.app/Contents/Info.plist") AS String) ELSE (NOTHING)))) ELSE (IF (Exists Folder "/opt/CrowdStrike" whose (exists File "version.txt" of it)) THEN (((first ((length of (substring after "= " of Line 1 of file "version.txt" of folder "/opt/CrowdStrike"))) of (substring after "= " of Line 1 of file "version.txt" of folder "/opt/CrowdStrike")) as String)) ELSE (IF ((exists RPM) AND (Exists (packages whose (it as string contains "falcon") of rpm))) THEN (substring after ("falcon-sensor-") of ((packages whose (it as string contains "falcon") of rpm) as string)) ELSE (NOTHING))))
The task I run to create the version.txt file on Linux systems is …
createfile until ##END##
cd /opt/CrowdStrike
./falconctl -g --version > /opt/CrowdStrike/version.txt
##END##
delete FalconVersion.sh
move __createfile FalconVersion.sh
wait chmod +x FalconVersion.sh
wait ./FalconVersion.sh