Sophos Community
User
Site
Search
User
Toggle Mobile menu
Community & Product Forums
Community Blogs
Partners
Support Portal
Get started
Blogs
Sophos Community Blog
Sophos Endpoint
Sophos Firewall
Zero Trust Network Access
Sophos Switch
UTM Firewall
Sophos Wireless
Sophos Central
Sophos Cloud Optix
Sophos Central API
Sophos Factory
Sophos Email
Phish Threat
Sophos XDR
Sophos Mobile
On-Premise Endpoint
Encryption
Sophos Partners
Support Portal Feedback
Product Documentation Blog
SophosLabs
Free Tools
Sophos Integrations
Products
Endpoint Security
Endpoint protection - next-gen antivirus
Endpoint detection and response (XDR)
Mobile security
Email Security
Sophos Email
Phish Threat
Network Security
Sophos Firewall
UTM firewall
Zero trust network access (ZTNA)
Network detection and response (NDR)
Sophos Switch
Sophos Wireless
Cloud Security
Sophos Central
Sophos Cloud Optix
Sophos Home Premium
Sophos Home portal
Support Tools
Sophos integrations
Free tools
Services
Management platform
Sophos Central - sign in
Support portal - sign in
Community - sign in
Sophos Partners
Partners Corner
Partner blogs
Webinars and Events
Member Recognition
Community Leaderboards
Sophos Central login
Partner care
Become a partner
Join our program
Sophos Community: Getting started
How to get started
Frequently Asked Questions (FAQs)
SophosID Registration
How to contribute and participate
How to set up your profile
How to manage friends
How to manage private messages
How to manage digests, subscriptions, and notifications
Terms and Conditions of Use
Products and Services
Products
Endpoint Security
Endpoint protection - next-gen antivirus
Endpoint detection and response (XDR)
Mobile security
Email Security
Sophos Email
Phish Threat
Network Security
Sophos Firewall
UTM firewall
Zero trust network access (ZTNA)
Network detection and response (NDR)
Sophos Switch
Sophos Wireless
Cloud Security
Sophos Central
Sophos Cloud Optix
Sophos Home Premium
Sophos Home portal
Support Tools
Sophos integrations
Free tools
Services
Management platform
Sophos Central - sign in
Support portal - sign in
Community - sign in
Community Blogs
Blogs List 1
Sophos Community Blog
Sophos Endpoint
Sophos Firewall
Zero Trust Network Access
Sophos Switch
UTM Firewall
Sophos Wireless
Sophos Central
Sophos Cloud Optix
Sophos Central API
Sophos Factory
Sophos Email
Blogs List 2
Phish Threat
Sophos XDR
Sophos Mobile
On-Premise Endpoint
Encryption
Sophos Partners
Support Portal Feedback
Product Documentation Blog
SophosLabs
Free Tools
Sophos Integrations
Partners
Sophos Partners
Partners Corner
Partner blogs
Webinars and Events
Member Recognition
Community Leaderboards
Sophos Central login
Partner care
Become a partner
Join our program
Support Portal
Get started
Sophos Community: Getting started
How to get started
Frequently Asked Questions (FAQs)
SophosID Registration
How to contribute and participate
How to set up your profile
How to manage friends
How to manage private messages
How to manage digests, subscriptions, and notifications
Terms and Conditions of Use
Sophos Endpoint
Cloud Optix
Release Notes & News
Discussions
Recommended Reads
Early Access Programs
Threat Hunting Academy
Live Discover Query Forum
More
Cancel
New
Sophos Endpoint requires membership for participation - click to join
Overview
Live Discover allows you to check the devices that Sophos Central is managing, look for signs of a threat, or assess compliance.
New to Live Discover & Response queries? See
Getting Started In Live Discover - From Beginner to Advanced Query Creation
Make sure to also check out
Best Practices On Using Live Discover & Response Query Forum
and
Sophos EDR Threat Hunting Framework
.
Note:
For more information on Live Discover, please check out our
Product Documentation
.
Navigate to a category below to browse and submit a query
Browse Live Response and Discover Queries by Category
Uncategorized
Anomalies
ATT&CK
Compliance
Device
Email
Events
Files
Live Response
Network
Other queries
Processes
Query Tips
Registry
Threat Hunting
User
Data Lake
Browse Ideas in Category
By highest score
By date
By recent status change
Descending
Ascending
All ideas
Ideas you submitted
Ideas you voted on
With any status
With any open status
With any closed status
With held votes
Currently 'Completed (Brand-new content)'
Currently 'Completed (Content Update)'
Currently 'Completed (Minor Issue)'
Currently 'Approved'
Currently 'Under Review'
Currently 'Coming Soon'
Currently 'Not Planned'
Currently 'Complete'
No matching ideas found
