New Sophos Support Phone Numbers in Effect July 1st, 2023

Sophos Endpoint

Other queries

Sophos Endpoint requires membership for participation - click to join

Overview

Live Discover allows you to check the devices that Sophos Central is managing, look for signs of a threat, or assess compliance.

New to Live Discover & Response queries? See Getting Started In Live Discover - From Beginner to Advanced Query Creation
Make sure to also check out Best Practices On Using Live Discover & Response Query Forum and Sophos EDR Threat Hunting Framework.

Note: For more information on Live Discover, please check out our Product Documentation.

Navigate to a category below to browse and submit a query

Browse Ideas in Category

Query IPS (snort) Rules on Endpoint

JeramyKopacko
- Approved on 25 May 2021
- 0 Comments
Many thanks to Karl_Ackerman for the assist on completing this query. It may be valuable to discover what rule sets are currently deployed to your snort (IPS) engine. WITH ips_rule_table AS (SELECT * FROM grep WHERE path = 'C:\ProgramData\Sophos\Sophos...
- 25 May 2021 4:20 PM
Query Deployed Integrations

Qoosh
- Approved on 21 Feb 2023
- 0 Comments
This query will list all deployed MDR Integrations. SELECT sensor_type Integration_Category, sensor_vendor Vendor, COUNT(*) Records, CAST(CAST(SUM(upload_size)/1024.0 AS DECIMAL(10,2)) AS VARCHAR)||'KB' Data_uploaded, CAST(DATE_DIFF('hour...
- 7 Dec 2022 2:57 AM