The week of May 18 we will be turning on two powerful new capabilities in the EAP, Edit Query and Query Variables.

CREATE, SAVE queries - With this new capability you can now create and save your own queries, This will allow you to start from scratch or modify an existing query.  You will need to give your query a name, description, identify one or more categories it will be a part of and specify what operating systems you expect it to work on. 

If you choose to EDIT one of your queries it will replace the original version with the new version, so if you want to keep track of old versions you will have to copy the SQL from the first query and create a new one.

You can run the query and make edits to the SQL before you chose to save it.  If you have SQL errors they will show up in the telemetry section for the device you ran it on.  

I recommend running it on a single device until you are happy it is working as desired then saving it before you run it across multiple devices.

 

Below is a new query to list if any processes are running without corresponding disk images.

If you edit a sophos query and want to save it you will need to give it a new name. the original Sophos query can not be deleted.

Have fun.

Anonymous