Checking the status of Windows update with Osquery

  • Firewall status firewall
    The health of the monitored Firewall products (see the Osquery windows_security_products table)
  • Windows Auto Update autoupdate
    The health status of the Windows Auto-update feature
  • Antivirus Status antivirus
    The health of the monitored Antivirus solution (see the Osquery windows_security_products table)
  • Anti-spyware Status antispyware
    The health of the monitored Anti-spyware solution (see the Osquery windows_security_products)
  • Internet Settings internet_settings
    The health of the Internet Settings. Please see the Windows Security Centers settings for best practice.
  • Windows Security Center Service windows_security_center_service
    The health of the Windows Security Center Service
  • User account control (UAC) user_account_control
    The health of the User Account Control (UAC) capability in Windows
osquery> SELECT autoupdate FROM windows_security_center;+------------+
| autoupdate |
+------------+
| Good |
+------------+
osquery> SELECT CASE WHEN autoupdate = 'Good' THEN TRUE ELSE FALSE END AS autoupdate FROM windows_security_center;+------------+
| autoupdate |
+------------+
| 1 |
+------------+
osquery> SELECT * FROM windows_security_products;

Windows Group Policy Object check

SELECT
COUNT(*) AS passed
FROM
registry
WHERE
key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
AND name = 'NoAutoUpdate'
AND data = '0';
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

Its all over!

--

--

--

Real-time security and compliance delivered.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

European Cyber Security Challenge Final 2017 in Málaga Spain

Blockchain and Carbon Footprints

Yet another report on the drive to destroy security by removing passwords

{UPDATE} Wild Jungle Hack Free Resources Generator

Top KYC and AML news of the week | 01 October — 08 October’21

Stop doing security the ‘right’ way

{UPDATE} DueLito Hack Free Resources Generator

{UPDATE} Truth or Dare Teens Game Hack Free Resources Generator

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Zercurity

Zercurity

Real-time security and compliance delivered.

More from Medium

Advisory and Exploitation: The MELAG FTP Server

The Conti Leaks emphasize the need for detection based on threat behaviors

Tutela Windows Agent now ships with Forensics and in-built IDS

Hunting suspicious LDAP queries in tons of logs