  • Live Discover: Query Cancelled: E Process SophosOsqueryExtension.exe exceeded 30% CPU limit

    Hi, I need this Live Response quickly, unfortunately Sophos Intercept X is aborting the Query. What is this and how do I get to my data? I just want to use that product with a default query! 2022-03-31T14:29:22.937Z [ 9644: 8204] E Process SophosOsqueryExtension…
  • Windows Update Query

    Hello - Does anyone have a query they have used to see if Windows Update is running on an endpoint?
  • Where can we get help for XDR Queries?

    Hi, is there a better place for discussing Live or Data Lake Queries than the "Live Discover & Response Query Forum"? There is not much response there. Or should I contact support for special questions? Regards
  • Datalake Performance Issues

    Hi, Does anyone else have issues with Datalake queries just timing out? It's been pretty unusable for us ever since we turned on the function. We have around 15,000 endpoints on our Central environment so I wonder if it's just down to the sheer volume…
  • Windows Servers: Live discover and MTR not working. MCS Client: W (async) connection timeout, W [push]: error creating async stream: 0

    MTR team wrote us that some of our servers cannot be managed by them. This may be in relation with this thread. But here is no 503 error in MCSClient.log and the client is green for MCS communication. There has been another thread here also with…
  • How can I search for a HASH list with live discover?

    Hello. I'm trying to create a query that allows me to check if a HASH from a list (comma-separated) is located on some device. The problem I have when consulting the hash table is that it does not show me any value if I do not define a directory…
  • [LiveDiscoverHelp] "Retrieve the list of the installed non Microsoft software version"

    Hi Team, Community, Could you help to share a query allowing to retrieve the list of the installed non-Microsoft software version? Thank you so much in advance
  • Live Discover for Parent_Sophos_PID without result - how can that be?

    I'm trying to get the root process for an event on a client currently offline. Using Data Lake query. However, the Parent PID Search gives no results. The Event is 14 days old. I thought the Sophos PID is THE indicator of something in the Data Lake - how…
  • Live Discover Query to identify application trying to access specific remote port

    Hi, I want to detect what program in a Windows PC with Sophos Endpoint is trying to access a service running at a specific port in other equipment in my network. Is it possible to do that with Sophos Central, with Live Discovery?
  • Live Discover Sophos Product Updates - in particular NTP: Network Threat Protection

    Today Sophos is pushing new updates to NTP Engine, causing short outages on every computer. This produces some amount of calls in our helpdesk and I'd like to run a query in Live Discover about computers that have received the update. This would…
  • Check Confluence Version to confirm Patch - Confluence Server Webwork OGNL injection (CVE-2021-26084)

    This query will check the installed version of Confluence and print the message IF the installed Confluence version is PATCHED or NOT PATCHED. SELECT DISTINCT 'Check Confluence Version to confirm Patch' Test, CASE version WHEN '6.13.23' THEN…