I have a hash like: 6ea2c9276c122222222222f9ae2. I want to search on the clients for this hash. Is there a possibility to search with Sophos EP?
[edited by: GlennSen at 10:38 AM (GMT -7) on 3 Jul 2024]
You can do it if you have Intercept X Advanced w/XDR, but not with just Intercept X endpoint without XDR.
OK, is there any documentation on how to search for it if you have XDR?
I believe it requires a Live Discover query of the endpoints themselves. Unfortunately I'm not an expert in Live Discover queries (or SQL). It looks like the table you want to query is called hash: https://osquery.io/schema/5.4.0#hash
You may have better luck in the XDR forum with finding help on writing the query.
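Added example, not part of the thread and not a Sophos-supplied query: a sketch of an osquery SQL query against the `hash` table linked above, of the kind Live Discover runs on endpoints. The Windows search path and the digest value are assumptions; the digest is a placeholder to be replaced with a full SHA-256 value.

```sql
-- osquery computes hashes at query time, so the hash table must be
-- constrained by path or directory; joining it to the file table lets
-- a wildcard path supply those constraints.
-- Assumed scope: user Downloads folders on Windows endpoints.
SELECT
    f.path,
    f.size,
    datetime(f.mtime, 'unixepoch') AS modified_utc,
    h.sha256
FROM file AS f
JOIN hash AS h
    ON h.path = f.path
WHERE f.path LIKE 'C:\Users\%\Downloads\%%'   -- % = one level, %% = recursive
  -- osquery reports digests as lowercase hex, so normalise the input.
  -- Placeholder value: substitute the full 64-character SHA-256.
  AND h.sha256 = lower('<FULL_SHA256_HEX_PLACEHOLDER>');
  -- For an MD5 or SHA-1 indicator, compare h.md5 or h.sha1 instead.
```

Because every file under the path is read and hashed on the endpoint, keep the path narrow; a whole-disk sweep this way is slow and may time out.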