This query is one you are recommended to read the FULL content of the post to use. It is not simply a copy and paste query, like others in the forum. It is valuable in the right situation.

Live Discover Query - General IT queries


I have been looking at Live Discover and like the look of it. I am not an expert in Threat Hunting, but I was hoping I could use Live Discover to help me with my day-to-day IT tasks. I was thinking along the lines of the following.

  • Machine is NOT fully patched. I know I can look for a specific missing patch, but would like to list all machines that are out of date
  • User logged on with admin rights
  • Machines with X software installed. QuickTime would be a good example in my case
  • Retrieve software version. I was thinking about Acrobat DC as Application Control can only block DC as a whole, not a certain version. I need to find all the out of date DC
  • When did the user last use a certain application. I could remove it, if they weren't using it

I am not sure where to start. Could someone please give me some guidance?

Best wishes, Michael
