Sophos Community
Site
User
Site
Search
User
All Groups
Community Blogs & Events
Community Calendar
Sophos Community Blog
Community Security Blog
Getting Started
Member Recognition
Community Leaderboards
Sophos Partner Recognition
Sophos Techvids
Product Documentation
Support Portal
Sophos.com
More
Cancel
Intercept X Endpoint
More
EDR Data Lake EAP
Queries
Announcements
Discussions
Files
Queries
Members
Tags
More
Cancel
New
EDR Data Lake EAP requires membership for participation - click to join
By highest score
By date
By recent status change
Descending
Ascending
All ideas
Ideas you submitted
Ideas you voted on
With any status
With any open status
With any closed status
With held votes
Currently 'Approved'
Currently 'Under Review'
Currently 'Coming Soon'
Currently 'Not Planned'
Currently 'Complete'
List all endpoint tables
Karl_Ackerman
Under Review
0 Comments
When deployed with the Endpoint software the EDR Data lake will be filled with the results of scheduled queries that are managed by sophos. Each query results in a data set that is available in the data lake. To access the information from a specific...
13 Oct 2020 6:59 PM
network_interfaces
Karl_Ackerman
Under Review
0 Comments
list the devices network interfaces SCHEMA address string IPv4 address target broadcast string Broadcast address for the interface ibytes long Input bytes interface string Interface name mac string...
14 Oct 2020 12:19 PM
windows_event_disallowed_credentials
Karl_Ackerman
Under Review
0 Comments
windows_event_disallowed_credentials SCHEMA cred_type string Types of credentials which were presented for delegation description string Plugin description text eventid int The Windows event ID package string...
14 Oct 2020 7:37 PM
vulnerability_unrestricted_paths_item_data
Karl_Ackerman
Under Review
0 Comments
vulnerability_unrestricted_paths_item_data SCHEMA analysis string JSON object representing the analysis data string Data content of registry value key string Name of the key mtime long time of the most recent...
14 Oct 2020 7:25 PM
vulnerability_sehop_validation
Karl_Ackerman
Under Review
0 Comments
vulnerability_sehop_validation SCHEMA analysis string JSON object representing the analysis data string Data content of registry value key string Name of the key mtime long time of the most recent registry...
14 Oct 2020 7:13 PM
firefox_addons
Karl_Ackerman
Coming Soon
0 Comments
Firefox addons from devices with that browser If you do not have firefox on any devices like me then you will not have any data, if someone could test that would be great. Schema: creator string Addon-supported creator string description...
13 Oct 2020 8:05 PM
vulnerability_app_compatibility
Karl_Ackerman
Under Review
0 Comments
This detects a potential vulnerability in application compatibility mode being set https://www.itnews.com.au/news/windows-compatibility-mode-resurfaces-old-flaws-473058 Schema analysis string JSON object representing the analysis ...
14 Oct 2020 1:22 PM
Arp Cache
Karl_Ackerman
Complete
0 Comments
The arp cache information from each device can be used to help discover unmanaged devices in the sub-net that may have not generated any traffic that has transited the firewall. We extend the arp_cache query results with the common decorations, generic...
14 Oct 2020 9:56 PM
windows_event_dos_attack_detected
Karl_Ackerman
Under Review
0 Comments
windows_event_dos_attack_detected SCHEMA description string Plugin description text eventid int The Windows event ID provider_name string The Windows event provider source string The Windows event source ...
14 Oct 2020 7:39 PM
launchd_md5
Karl_Ackerman
Under Review
0 Comments
This collects the SHA256 and SHA1 has of launchd processes on LINUX and no I do not know why the scheduled query has an MD5 in the name seeing as we do not get the MD5 value. launchd launchd has two main tasks. The first is to boot the system, and...
13 Oct 2020 10:01 PM
>