Basic search which lists processes that include log4j in the cmdline on Windows, Mac and Linux. The query returns a lot of results but works for an insight into what's running on the estate.
meta_hostname AS ep_name,
Note: This query is designed for Linux only. For a basic search which lists processes called Log4J on Windows, Mac and Linux, please view this query.
This query helps customers identify vulnerable Log4J components in their environment. It shows Log4J...
We've combined the data from a few queries to present an all-in-one view of devices which need to be rebooted by returning the total uptime, the last time a Microsoft patch was installed, and if there are any pending restart requests.
BIG thanks to RaviSoni for all the hard work on the detail in this query.
You can use the query below to get more context on the health status of Windows machines via Endpoint Live Discover. e.g. which area is causing a bad health (Service or Threat...
The current query for "Patches applied" lists all the patches applied, but does not include patches applied via MSI or downloaded from Windows Update.
SELECT hotfix_id, description, installed_by, installed_on FROM patches
This query will parse the Web Intelligence log files and display the URLs that users have visited or have attempted to visit, the category of the URL, the action taken, etc. This gives a rough idea of what users have visited on a specific date.
I am not sure if I am in the right place here.
We need a query that shows who changed an Active Directory object, e.g. who disabled or enabled a computer in AD.
There are queries for user objects but I haven't found any for computer objects.