I'm looking for a solution to make use of the DataLake data (I'm still an XDR / LiveDiscover newbie). I would like to query all local administrators of computers that do not have the default names.
For this I already have a small query, which works fine as an endpoint query. Is there a technical possibility to run this query also in the DataLake?
-- osquery: members of the local Administrators group (well-known SID S-1-5-32-544),
-- excluding the expected default accounts by name
SELECT u.username, g.groupname, u.type, u.uid, g.gid, u.description, g.comment
FROM users u
JOIN user_groups ug ON ug.uid = u.uid
JOIN groups g ON g.gid = ug.gid
WHERE g.group_sid = 'S-1-5-32-544'
  AND u.username != 'Administrator'
  AND u.username != 'testadmin';
Thanks for your help!
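A variant of the endpoint query above, added here as an example and not part of the original post: it excludes the built-in Administrator by its SID (relative identifier 500) rather than by name, so a renamed built-in account is not reported as an extra local admin. It assumes the osquery Windows schema, where `users.uuid` holds the account SID; `testadmin` is the poster's own exception, kept as a placeholder.

```sql
-- Added example, not the poster's query: exclude the built-in Administrator by
-- its SID (relative identifier 500) instead of by name, so a renamed built-in
-- account is not reported as an extra local admin. Assumes the osquery Windows
-- schema, where users.uuid holds the account SID.
SELECT
    u.username,
    u.uuid        AS user_sid,      -- e.g. S-1-5-21-<machine>-1001
    u.type,                         -- account type (Windows only)
    g.groupname,
    g.group_sid,
    u.description,
    g.comment
FROM users u
JOIN user_groups ug ON ug.uid = u.uid
JOIN groups g       ON g.gid = ug.gid
WHERE g.group_sid = 'S-1-5-32-544'        -- well-known SID of BUILTIN\Administrators
  AND u.uuid NOT LIKE '%-500'             -- built-in Administrator, whatever its name
  AND u.username NOT IN ('testadmin')     -- the poster's own known exception
ORDER BY u.username;
```

Accounts that the original name-based filter lists but this one does not are the built-in Administrator under a non-default name, which is itself worth reporting.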
Hello Florian, thank you. In order to give light to this query, I would like to ask you to post this on our "Live Discover Query page" so that our experts can provide answers to your query.