Evaluate Operating System Prevalence
This query counts how many Windows endpoints are running each OS version (like Windows 10, Windows 11, etc.) in your CrowdStrike environment. It groups endpoints by their current OS product name and returns the count for each version.
EDR, monitoring
FDR, intermediate
By CrowdStrike (cql-hub.com)
Query
#event_simpleName=OsVersionInfo event_platform=Win
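| groupBy(aid, function=selectLast([ProductName]))
| groupBy([ProductName], function=stats([count(aid, as="endpointCount")]))
Explanation
Imported from cql-hub.com. The first groupBy keeps one row per agent ID (aid) with its most recent ProductName, so an endpoint that has reported OsVersionInfo more than once is counted only once. The second groupBy groups those rows by ProductName and counts the endpoints in each group as endpointCount.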
Variables to adjust
Review and adjust the values to match your environment.