Sophos Community
Intercept X Endpoint
Live Discover & Response Query Forum
Search subfolders for a specific filename or extension.
Genc Kelmendi
Under Review
Live Discover
0 Comments
Useful query to search entire subfolders for a specific extension or a filename. Supports wildcards in path and filename. SELECT path, directory, filename, device, size FROM file WHERE directory LIKE 'C:\users\%\desktop%%' AND filename LIKE '%%.exe...
11 Apr 2021 2:34 PM
Finding the Sophos Machine ID
AndyM
Under Review
Live Discover
1 Comment
Each device managed by Sophos has a unique machineID. This is created at the time of installation. There are some scenarios where it's useful to be able to search for a unique machineID, or a collection of them. -- Name: List Sophos Machine IDs ...
6 Apr 2021 3:24 PM
Hafnium check
Karl_Ackerman
Under Review
Live Discover
1 Comment
We have a number of queries for Hafnium and additional news articles. Check out the news https://news.sophos.com/en-us/2021/03/05/hafnium-advice-about-the-new-nation-state-attack/ See the video on how to take the query from the article and run it...
26 Mar 2021 12:42 PM
Excluding Hashes from various scans
Gerald Szakal1
Under Review
Live Discover
3 Comments
Hello all, I am running a number of scans including but not limited to "Unsigned applications that were run" which I believe I got from this site. I find the results to be extremely "busy" with so many pages it is almost unusable (155). I am looking...
23 Mar 2021 4:48 PM
information of computer OFFLINE
Victor Domingo
Under Review
Live Discover
1 Comment
Hello friends, how is it possible to obtain the information from disconnected computers?
22 Mar 2021 11:47 AM
How can I adjust this query so that it uses a list of items instead of just one file?
Brian Dake
Under Review
Live Discover
2 Comments
I assume that searching for a list of files at once would be faster than searching for each file individually. So, how can I adjust this query so that it uses a list of items instead of just one file? --- Descriptive name Variable type SQL Variable...
18 Mar 2021 10:00 PM
Query with Windows 10 updates
Victor Domingo
Under Review
Live Discover
2 Comments
Hello friends, does someone know how to check the pending updates of Windows 10? Thanks
17 Mar 2021 8:40 AM
List top threat indicators for Windows
Karl_Ackerman
Under Review
Live Discover
0 Comments
This query evaluates the machine learning and reputation scores to provide a list of the most suspect executables observed in the environment. Descriptive name Variable Type Notes Begin Search on date $$Begin Search on date...
15 Mar 2021 9:22 PM
Generic Network activity search (Windows)
Karl_Ackerman
Under Review
Live Discover
0 Comments
This query provides a generic search for IP address and port information. Descriptive name Variable Type Notes Begin Search on date $$Begin Search on date$$ DATE Provide a start date for the search Hours to Search $$Hours...
15 Mar 2021 8:55 PM
Generic Process Search on Windows
Karl_Ackerman
Under Review
Live Discover
0 Comments
Hi folks, Sophos already published a canned query for 'Search for processes (Windows)', and while that one is really useful I had some asks for a different approach that allowed for larger time windows in the search and some different parameters. ...
15 Mar 2021 6:35 PM