  • windows_event_invalid_logon_brute_force

    windows_event_invalid_logon_brute_force
    SCHEMA:
      • authentication_package (string): The name of the authentication package which was used for the logon
      • description (string): Plugin description text
      • eventid (int): The Windows event...
  • windows_event_invalid_logon

    windows_event_invalid_logon
    SCHEMA:
      • authentication_package (string): The name of the authentication package which was used for the logon
      • description (string): Plugin description text
      • eventid (int): The Windows event ID
      • failure_reason...
  • running_processes_linux_events

    Linux running processes
    SCHEMA:
      • cmdline (string): Process command line
      • egid (long): Effective group ID at process start
      • euid (long): Effective user ID at process start
      • gid (long): Group ID (unsigned) of the user running...
  • vulnerability_developer_mode

    Detect developer mode
    SCHEMA:
      • analysis (string): JSON object representing the analysis
      • data (string): Data content of registry value
      • key (string): Name of the key
      • mtime (long): time of the most recent registry write ...
  • XG FW - List all tables in the data lake

    List the tables in the data lake from an XG Firewall.

    -- List ALL XG FW Tables
    SELECT DISTINCT log_type, log_component, COUNT(dist_key) entries
    FROM xgfw_data
    GROUP BY log_type, log_component
    ORDER BY log_type, log_component ASC

    Sample results...
  • List all endpoint tables

    When deployed with the Endpoint software, the EDR Data Lake is filled with the results of scheduled queries that are managed by Sophos. Each query results in a data set that is available in the data lake. To access the information from a specific...
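    As an added worked example (not one of the library queries listed on this page), the following shows how a data set produced by one of the scheduled queries above can be aggregated for brute-force triage. It assumes that the windows_event_invalid_logon data set is queryable as a table of the same name and that the columns eventid, failure_reason and authentication_package exist as listed in that entry's schema; the threshold of 20 failures is an arbitrary starting point and the event ID 4625 is the standard Windows "An account failed to log on" event.

```sql
-- Added example: not one of the Sophos library queries on this page.
-- Assumptions: the windows_event_invalid_logon data set is exposed as a table
-- of the same name, with the columns eventid, failure_reason and
-- authentication_package from its schema entry.
SELECT
    failure_reason,
    authentication_package,
    COUNT(*) AS failed_logons
FROM windows_event_invalid_logon
WHERE eventid = 4625                 -- Windows: "An account failed to log on"
GROUP BY failure_reason, authentication_package
HAVING COUNT(*) >= 20                -- assumed threshold; tune per estate
ORDER BY failed_logons DESC;
```

    Grouping on failure_reason separates bad-password attempts (the usual brute-force signature) from disabled or expired accounts, so a single noisy service account does not mask a password-spraying campaign.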
  • network_interfaces

    list the devices network interfaces
    SCHEMA:
      • address (string): IPv4 address target
      • broadcast (string): Broadcast address for the interface
      • ibytes (long): Input bytes
      • interface (string): Interface name
      • mac (string): ...
  • windows_event_disallowed_credentials

    windows_event_disallowed_credentials
    SCHEMA:
      • cred_type (string): Types of credentials which were presented for delegation
      • description (string): Plugin description text
      • eventid (int): The Windows event ID
      • package (string): ...
  • vulnerability_unrestricted_paths_item_data

    vulnerability_unrestricted_paths_item_data
    SCHEMA:
      • analysis (string): JSON object representing the analysis
      • data (string): Data content of registry value
      • key (string): Name of the key
      • mtime (long): time of the most recent...
  • vulnerability_sehop_validation

    vulnerability_sehop_validation
    SCHEMA:
      • analysis (string): JSON object representing the analysis
      • data (string): Data content of registry value
      • key (string): Name of the key
      • mtime (long): time of the most recent registry write...