Overview
Live Discover allows you to check the devices that Sophos Central is managing, look for signs of a threat, or assess compliance.

New to Live Discover & Response queries? See Getting Started In Live Discover - From Beginner to Advanced Query Creation
Make sure to also check out Best Practices On Using Live Discover & Response Query Forum and Sophos EDR Threat Hunting Framework.

Note: For more information on Live Discover, please check out our Product Documentation.

Navigate to a category below to browse and submit a query

Browse Live Response and Discover Queries by Category
Browse Ideas in Category

  • Search mail flow logs for specific URL

    JeramyKopacko
    • Approved on
    • 0 Comments
    This query will use the Sophos Central Email Maiflow connector (avail for Office 365) data to search for a specific URL in your users mail. This may be useful to see how many people saw a certain link or identify who may have interacted with it. --...
Unfiltered HTML