Live Discover Sophos Product Updates - in particular NTP: Network Threat Protection

Today Sophos is pushing new updates to NTP Engine, causing short outages on every computer.

This produces some amount of calls in our helpdesk and I'd like to run a query in Live Discover about computers that have received the update.

This would be nice for all Sophos Updates, because Central basic logging does not log update events at all.

Can Sophos please provide such query code?

If this will get logged normally some day, no manual query would be needed anymore.

community.sophos.com/.../updates-of-sophos-network-threat-protection-module-causing-outages



  • Can you use a data lake query that uses the windows_programs: Document (sophos.com)

    SELECT
    distinct meta_hostname AS ep_name,
    name,
    version,
    language,
    install_source,
    publisher,
    identifying_number,
    install_date
    FROM xdr_data
    WHERE query_name = 'windows_programs' 
    and name ='Sophos Network Threat Protection'
    and version='1.14.38.0'

    I'm not sure of the version but you can check a computer or leave that out of the where clause and just export all the data to Excel and use a pivot table.
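
As a variation on the reply's suggestion to leave the version out of the WHERE clause, the per-version count can be produced in the query itself instead of in an Excel pivot table. This is an added example, not part of the original reply and not Sophos-provided code; it uses only the table and column names shown in the reply and assumes the Data Lake accepts a standard SQL CTE with GROUP BY.

```sql
-- Added example: xdr_data, query_name, meta_hostname, name, version and
-- install_date are taken from the query in the reply above.
-- Assumption: the Data Lake accepts a standard SQL CTE and GROUP BY.
WITH ntp_installs AS (
    -- One row per endpoint and installed NTP version, regardless of how
    -- many times the endpoint reported it in the selected time range.
    SELECT
        meta_hostname     AS ep_name,
        version,
        MAX(install_date) AS install_date
    FROM xdr_data
    WHERE query_name = 'windows_programs'
      AND name = 'Sophos Network Threat Protection'
    GROUP BY meta_hostname, version
)
SELECT
    version,
    COUNT(DISTINCT ep_name) AS endpoint_count,
    -- MIN/MAX are only meaningful if install_date sorts chronologically
    -- in the form it is stored (an assumption; check one row first).
    MIN(install_date)       AS first_install_date,
    MAX(install_date)       AS last_install_date
FROM ntp_installs
GROUP BY version
ORDER BY endpoint_count DESC
```

Comparing `endpoint_count` for the new version against the older ones shows how far the rollout has progressed; to list the machines themselves, select from `ntp_installs` directly and filter on the version of interest.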
