Hello Community!
I'm looking for a solution to make use of the DateLake data (I'm still XDR / LiveDiscover newbie). I would like to query all local administrators of computers that do not have the default names.
For this I already have a small query, which works fine as an endpoint query. Is there a technical possibility to run this query also in the DataLake?
My query:
SELECT username, groupname, type, u.UID, g.GID, Description, comment FROM users u JOIN user_groups ug ON ug.UID = u.UID JOIN groups g ON g.GID = ug.GID WHERE g.group_sid = "S-1-5-32-544" and username != "Administrator" and username != "testadmin"
Thanks for your help!
Florian
This thread was automatically locked due to age.
