Torrent Software Bundle

The Torrent Software Bundle contains a number of queries that will help to find torrent software installed in the environment.

Each of these queries is tagged with "AX - Torrent". The download link is available in the "Where can I download the Axonius Saved Query Bundles" article, or directly from this link.

We suggest creating a "Query Comparison" type chart and adding each of the queries to it.

As always, we are open to any suggestions for additional torrenting software that should be added to this list.

The following software is included in the bundle:

BitComet
BitTorrent
BitTorrent Sync
Deluge Torrent
qBittorrent
Torrent
Torrent2Exe
NOTE: There are additional queries which include the 'µ' character instead of 'u'.
uTorrent
uTorrent Cleaner
uTorrent Web
WebTorrent

Comments

7 comments
  • Here are some additional P2P clients that we search for:

    transmission
    mediaget
    zona
    deluge
    bigly
    tixati

    as well as...

    popcorn / popcorn time

    ...but not popcornflix, which is a legitimate streaming service, not a P2P app. This regex catches popcorn and variants w/o catching Popcornflix:

    popcorn(?!flix)

     

  • Thanks for the suggestions!

    I should be able to get the team to add the additional P2P clients, along with an exclusion for "installed software not equal to popcornflix".

  • Wouldn't "installed software not equal to popcornflix" effectively exclude any devices which happened to have Popcornflix installed from being included in the results? For example, if a device had both Popcornflix and BitComet installed, it would be excluded by this rule, even though BitComet is there.

  • Each of the queries in the bundle is actually its own Saved Query. So what I will do is modify the Popcorn Time search to be something like this:

     

    I don't have a system with Popcorn / Popcorn Time on it OR PopcornFlix, so I can't test it thoroughly, but that should work.

  • Agreed. That should do it. Thanks, Geran.

  • We have a policy list of restricted software (over a hundred entries). Is there a way to use a csv lookup (or other options) instead of configuring multiple OR statements in the wizard?

  • Miguel, we can discuss more in a ticket or another post if you're interested. 

    There are a few routes I see:

    • The Installed Software: Software Name field will let you use an "In" function to provide a comma-separated list of software names. This would be case-sensitive, though.
    • You could use the regex function in the Query Wizard and provide a regex filter that meets the different software names. Outside of any complicated regex, you can use softwarename1 | softwarename2 | softwarename3, where the line character states "OR" in regex.
    • You could use the API to generate a query that has the OR statements.
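The exclusion question raised in the comments and the regex "OR" route from the last comment, as an added example that is not part of the original article and is not Axonius query syntax: a Python check over a constructed inventory that builds one pattern from a policy list and compares name-level matching with `popcorn(?!flix)` against a device-level Popcornflix exclusion. The policy list, the exception mapping, the inventory and all function names are assumptions made for illustration.

```python
import re

# Constructed policy list; names come from the bundle and the comments above.
RESTRICTED = ["BitComet", "qBittorrent", "uTorrent", "µTorrent", "tixati", "popcorn"]
# Hypothetical per-name exceptions, rendered as lookaheads like popcorn(?!flix).
NOT_FOLLOWED_BY = {"popcorn": "flix"}

def build_pattern(names, not_followed_by=None):
    """Join a policy list into one case-insensitive alternation."""
    parts = []
    for name in (n.strip() for n in names):
        part = re.escape(name)
        suffix = (not_followed_by or {}).get(name)
        if suffix:
            part += "(?!" + re.escape(suffix) + ")"
        parts.append(part)
    # Join with a bare "|": whitespace around it would be matched literally.
    return re.compile("|".join(parts), re.IGNORECASE)

def flag_by_name(inventory, pattern):
    """Flag a device when any single installed title matches the pattern."""
    flagged = {}
    for device, titles in inventory.items():
        hits = [t for t in titles if pattern.search(t)]
        if hits:
            flagged[device] = hits
    return flagged

def flag_with_device_exclusion(inventory, pattern, excluded_title):
    """Same match, then drop every device that has excluded_title installed."""
    return {device: hits for device, hits in flag_by_name(inventory, pattern).items()
            if excluded_title not in inventory[device]}

# Constructed inventory: device -> installed software names.
INVENTORY = {
    "host-a": ["Popcornflix", "BitComet"],
    "host-b": ["Popcorn Time", "7-Zip"],
    "host-c": ["Popcornflix", "7-Zip"],
    "host-d": ["µTorrent", "TIXATI"],
}

if __name__ == "__main__":
    with_lookahead = build_pattern(RESTRICTED, NOT_FOLLOWED_BY)
    without_lookahead = build_pattern(RESTRICTED)
    print(flag_by_name(INVENTORY, with_lookahead))
    print(flag_with_device_exclusion(INVENTORY, without_lookahead, "Popcornflix"))
```

With the lookahead, host-a is still reported for BitComet and host-c is not reported at all; with the device-level exclusion, host-a disappears from the results even though BitComet is installed.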
