Forum Discussion
dmarquesgn
May 09, 2022Iron Contributor
Use case to check for new installed application on Windows devices
Hi, I need to build a use case to detect and create an alert (weekly for example) for new installed application on my Windows workstations and servers. On the TVM I have the list of installed appli...
MichaelJMelone
Microsoft
Jun 08, 2022Hello dmarquesgn! I am not 100% sure this will be totally accurate at the moment, but I think you might be able to get newly detected software after a specified datetime by using the export software inventory API. If you look at the parameters in section 1.6.1 you'll notice an option for sincetime. You can also use it without that parameter and you'll be able to get the time it was first seen in the softwareFirstSeenTimestamp field. doc: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/get-assessment-software-inventory?view=o365-worldwide#1-export-software-inventory-assessment-json-response