
Query Local Administrators / Endpoint Query / DataLake Query

Hello Community!

I'm looking for a solution to make use of the DataLake data (I'm still an XDR / LiveDiscover newbie). I would like to query all local administrators of computers that do not have the default names.

For this I already have a small query, which works fine as an endpoint query. Is there a technical possibility to run this query also in the DataLake?

My query:

 

-- S-1-5-32-544 is the well-known SID of the built-in local Administrators group
SELECT username, groupname, type, u.UID, g.GID, Description, comment
FROM users u
JOIN user_groups ug ON ug.UID = u.UID
JOIN groups g ON g.GID = ug.GID
WHERE g.group_sid = 'S-1-5-32-544'
  AND username != 'Administrator'
  AND username != 'testadmin'

Thanks for your help!

Florian


