Sophos Rapid Response team sharing their EDR queries on GitHub

Hi everyone, 

The Sophos Rapid Response service is essentially the team you never want to meet. If you have worked with us before, it typically means you were in a very serious situation: maybe a virus spreading out of control, or a large-scale ransomware attack. Whatever it is, we can help you with it. That is what we do: identify and neutralize the threat as quickly as possible while also undertaking a forensic investigation in order to understand what happened.

In order to do this we heavily utilize Sophos EDR and XDR to conduct threat hunts and investigations into suspicious activity. Because we believe the InfoSec community is enhanced by sharing, we have now started to publish the most common Live Discover queries we use to our GitHub. At the time of writing there are about 50 on there, with more being added all the time. We would love to hear your feedback, suggestions for improvements and requests for other queries.

https://github.com/SophosRapidResponse/OSQuery 
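To give a feel for what a Live Discover threat-hunting query looks like, here is an added example written for this post; it is not one of the queries in the repository above. Live Discover runs osquery-style SQL on the endpoint, so the query below uses only the standard osquery `processes` and `listening_ports` tables. It lists processes that are listening on a non-loopback port but were not launched from a usual system or program directory, which is a common first check for unexpected C2 or remote-access tooling. The directory allow-list in the `WHERE` clause is an assumption for illustration and should be tuned to your estate.

```sql
-- Added example, not from the Sophos Rapid Response repository.
-- Hunt: processes listening on a network port from an unusual location.
-- Tables: osquery 'processes' and 'listening_ports' (standard schema).
SELECT
  p.pid,
  p.name,
  p.path,
  p.cmdline,
  pp.name   AS parent_name,
  lp.port,
  lp.address,
  lp.protocol            -- 6 = TCP, 17 = UDP in osquery
FROM listening_ports lp
JOIN processes p        ON p.pid  = lp.pid
LEFT JOIN processes pp  ON pp.pid = p.parent   -- parent may have exited
WHERE lp.port != 0                             -- ignore unbound/ephemeral sockets
  AND lp.address NOT IN ('127.0.0.1', '::1')   -- loopback-only listeners are rarely interesting
  -- Assumed allow-list of "expected" launch directories; tune per environment.
  AND p.path NOT LIKE 'C:\Windows\%'
  AND p.path NOT LIKE 'C:\Program Files%'
  AND p.path NOT LIKE '/usr/%'
  AND p.path NOT LIKE '/bin/%'
  AND p.path NOT LIKE '/sbin/%'
ORDER BY lp.port, p.pid;
```

Two caveats when running this kind of query at scale: the `processes` table is a point-in-time snapshot, so a short-lived listener can be missed, and a path allow-list only filters location, not legitimacy, so anything that survives the filter still needs the usual checks on signer, hash and parent chain before it is treated as malicious.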

For more information on Sophos Rapid Response visit here: https://www.sophos.com/RapidResponse