Sophos Endpoint

Discussions How can I search for a MD5 Hash with Sophos EndPoint

Sophos Endpoint requires membership for participation - click to join

Thread Info

State Suggested Answer
Locked Locked
Replies 5 replies
Answers 1 answer
Subscribers 15 subscribers
Views 2525 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How can I search for a MD5 Hash with Sophos EndPoint

Hans_Dampf 4 months ago

I have a hash like: 6ea2c9276c122222222222f9ae2 i want to search on the clients for this hash. is there a posibility to search with Sophos EP?

This thread was automatically locked due to age.

Parents

0 Maxim-Sophos 4 months ago

You can do it if you have Intercept X Advanced w/XDR, but not with just Intercept X endpoint without XDR.
Cancel
Vote Up 0 Vote Down

Cancel
0 Hans_Dampf 4 months ago in reply to Maxim-Sophos

OK is there any documentation on how to search for it if you have XDR.
Cancel
Vote Up 0 Vote Down

Cancel
0 Maxim-Sophos 4 months ago in reply to Hans_Dampf

I believe it requires a Live Discover query of the endpoints themselves. Unfortunately I'm not an expert in Live Discover queries (or SQL). It looks like the table you want to query is called hash: https://osquery.io/schema/5.4.0#hash

You may have better luck in the XDR forum with finding help on writing the query.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Maxim-Sophos 4 months ago in reply to Hans_Dampf

I believe it requires a Live Discover query of the endpoints themselves. Unfortunately I'm not an expert in Live Discover queries (or SQL). It looks like the table you want to query is called hash: https://osquery.io/schema/5.4.0#hash

You may have better luck in the XDR forum with finding help on writing the query.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data