Sophos Rapid Response team sharing their EDR queries on GitHub

Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.


Hi everyone, 

The Sophos Rapid Response service is essentially the team you never want to meet; if you have worked with us before, it typically means you were in a very serious situation, maybe a virus spreading out of control or a large-scale ransomware attack. Whatever it is, we can help you with it; that is what we do: identify and neutralize the threat as quickly as possible, while also undertaking a forensic investigation in order to understand what happened.

In order to do this, we heavily utilize Sophos EDR and XDR to conduct threat hunts and investigations into suspicious activity. Because we believe the InfoSec community is enhanced by sharing, we have now started to publish the most common Live Discover queries we use onto our GitHub. At the time of writing, there are about 50 on there, with more being added all the time. We would love to hear your feedback, suggestions for improvements, and requests for other queries.

https://github.com/SophosRapidResponse/OSQuery 

For more information on Sophos Rapid Response visit here: https://www.sophos.com/RapidResponse 



Added Disclaimer
[edited by: GlennSen at 3:42 PM (GMT -7) on 5 Apr 2023]