From 28d946e31e82457a8dd37e01c55b2d2aaefa10a5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Patrick=20Mu=CC=88nch?=
Date: Wed, 2 Oct 2024 11:57:10 +0200
Subject: [PATCH] fix sentinelone check in edr policy
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Patrick Münch
---
 core/mondoo-edr-policy.mql.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/core/mondoo-edr-policy.mql.yaml b/core/mondoo-edr-policy.mql.yaml
index 5f032647..7a308ad5 100644
--- a/core/mondoo-edr-policy.mql.yaml
+++ b/core/mondoo-edr-policy.mql.yaml
@@ -3,7 +3,7 @@
 policies:
 - uid: mondoo-edr-policy
 name: Mondoo Endpoint Detection and Response (EDR)
- version: 1.3.1
+ version: 1.4.0
 license: BUSL-1.1
 tags:
 mondoo.com/category: security
@@ -95,7 +95,7 @@ queries:
 filters: asset.family.contains('linux')
 mql: |
 package('falcon-sensor').installed ||
- ['SentinelAgent', 'sentinelagent'].all(package(_).installed) ||
+ ['SentinelAgent', 'sentinelagent'].any(package(_).installed) ||
 file('/opt/eset/RemoteAdministrator/Agent').exists
 - uid: mondoo-edr-policy-ensure-edr-agent-is-installed-windows
 filters: asset.family.contains('windows')
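Review bot: Every alternative in the Linux query of the second hunk, including the corrected SentinelOne line, tests presence only (`package(...).installed`, `file(...).exists`), so a host where the agent is installed but stopped or disabled still passes. If that is the intended scope, state it with a YAML comment above `mql: |`, for example `# Presence check only: does not verify the agent service is running or reporting`, and cover runtime state in a separate query. It would also help to note why both `SentinelAgent` and `sentinelagent` are listed (presumably the package name differs by packaging format), since reading them as two required packages is what `.all` got wrong. The query's `uid` and title lie above the hunk, so the scope may already be stated there.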