• Is Sophos CPU history recorded in Data Lake?

  • Protected devices/users

    Hi! I wanted to know if there is a way to download the list of users and the serial numbers of the computers assigned to them. From what I've seen in the reports section, it doesn't allow modifying the columns. Do you know if it's possible to download…
  • Finding where the domain users group is added to the remote desktop users local group

    Hi, Is there any osquery to get all the domain-joined machines where the "Domain Users" group is added to the "Remote Desktop Users" local group?
  • How can I search for an MD5 Hash with Sophos EndPoint

    I have a hash like: 6ea2c9276c122222222222f9ae2. I want to search on the clients for this hash. Is there a possibility to search with Sophos EP?
  • Query for: IP/URLs accessed from Mac user or devices

    Is there a query that can be used to see if a user or Mac device has accessed a specific IP or website?
  • Any way to query events for 'Applications and Services Logs' via Live Discover?

    Hello everyone, I understand there is a way to query for event logs in Live Discovery. From what I see, it may be limited to Windows Logs only, i.e. Application, Security, Setup, and System event logs. I tried querying an event id, but it pulled from…
  • live discovery query for: web browsing activity of MAC device

    Hi, Please let us know if there is a SQL query to get all web browsing activity of user/computer for MAC devices on Sophos Central. I found we have an inbuilt query available for Windows as: "URLs accessed on Windows (Data Lake)". Kindly let…
  • Retrieve more information of client devices?

    Hello dear Sophos Community, we have some old devices in our company and I noticed that the Sophos agent collects data like Processor structure and Operating System, but now my question is: Can I get Sophos to collect more information than this from…
  • Datalake Query windows_programs with some empty "name" columns

    I am playing around with the XDR Datalake. The goal is to use the XDR Datalake for our inventory, so we do not have to manually update it. I can get all installed software from the Datalake thanks to the query "windows_programs". However in this query…
  • Display Installed Programs on Computers

    Hello, I want to display installed programs on my users' computers. I wonder if I can do that with Sophos. Thanks,
  • Core Agent report Sophos Central

    Hi, How to generate a report of Core Agent version of all devices? Excel or CSV, do not mind
  • Custom Query Intermittent Results

    We have created a custom query to allow us to find specific file names and path on any system within our tenant. SELECT file, path FROM sophos_file_journal WHERE file LIKE '$$Filename$$'; This is very temperamental, as it will sometimes return a result…
  • Need help in building OS Query for Finding SHA1 and SHA256

    Hello All, I have been trying to create custom queries in Sophos Central for finding IoCs (SHA1 and SHA256). Can you please help me build a query for the same? Regards, Jenil
  • Sophos XDR Technical Demo (23 minutes)

    I upgraded my subs to XDR and looked at the following video: https://vimeo.com/519661823 Unfortunately I do not see tables mentioned there like: Data Lake hydration queries query result List all EP and XG FW Tables Windows programs Inventory search…
  • Scheduled query - recommendation

    I have a mixed Mac and Windows environment. So far I scheduled weekly two queries: Pending macOS updates Data Lake Pending Windows updates Data Lake Do you have any other recommendation what makes sense to run using the schedule?
  • Detections Many Level 4 messages

    Hello, Just upgraded my license to XDR and now under detections I see many level 4 warnings like: SRP path rules missing. Secure boot supported but not enabled. DEP is not Admin Opt-out or Always-on. Applications with special compatibility…
  • Intercept X XDR: Manage On-disk Data Storage

    Hello Community, we are testing Endpoint Protection in Sophos Central. The Tech Specs contains the Features "Sophos Data Lake Cloud Storage" and "On-disk Data Storage". I found "Upload to the Data Lake" in the Global Settings. But I do not find "On…
  • Users who have administrative access

    Hello everybody. Is there any query that checks all users with administrative privileges on the network? Thanks
  • Checking the status of OS updates via Sophos Central

    On Sophos Central is there a way to check devices for the status of OS updates to ensure they are up to date? Windows MacOS Linux
  • Checking what other applications are installed on a device via Sophos Central?

    Is there a way to check what applications are installed on a device and if these are up to date via Sophos Central?
  • How to find and delete IOC by using XDR

    I have Intercept-X with XDR installed. I want to see if any particular IOC is present or not. If present, then how can I delete it? Please guide.
  • How to list the installed applications in end devices

    How to list all installed applications in the Windows end devices/Clients using Sophos Threat Analysis Center.
  • Search event logs by specific event ID

    Hello, we would like to have a query to search specific events on Windows from EventID variable. Thanks in advance
  • Query all website URL access from User devices (Windows)

    Hello, I need to know all websites that users access from their devices. Can XDR do this? If XDR can do it, please guide me to the query. Thanks
  • Query to check file contents

    Hello, I want to have a query to check for possible PII. There is the query to check for metadata such as password.docx or password.txt. Below is what I have so far and this works as long as you have the exact file path and pattern you are looking…