  • Search subfolders for a specific filename or extension.

    • Under Review
    • Live Discover
    • 0 Comments
    Useful query to search entire subfolders for a specific extension or a filename. Supports wildcards in path and filename. SELECT path, directory, filename, device, size FROM file WHERE directory LIKE 'C:\users\%\desktop%%' AND filename LIKE '%%.exe...
    • 11 Apr 2021 2:34 PM
  • Finding the Sophos Machine ID

    • Under Review
    • Live Discover
    • 1 Comment
    Each device managed by Sophos has a unique machineID. This is created at the time of installation. There are some scenarios where it's useful to be able to search for a unique machineID, or a collection of them. -- Name: List Sophos Machine IDs ...
    • 6 Apr 2021 3:24 PM
  • Hafnium check

    • Under Review
    • Live Discover
    • 1 Comment
    We have a number of queries for Hafnium and additional news articles. Check out the news https://news.sophos.com/en-us/2021/03/05/hafnium-advice-about-the-new-nation-state-attack/ See the video on how to take the query from the article and run it...
    • 26 Mar 2021 12:42 PM
  • Excluding Hashes from various scans

    • Under Review
    • Live Discover
    • 3 Comments
    Hello all, I am running a number of scans including but not limited to "Unsigned applications that were run", which I believe I got from this site. I find the results to be extremely "busy" with so many pages it is almost unusable (155). I am looking...
    • 23 Mar 2021 4:48 PM
  • information of computer OFFLINE

    • Under Review
    • Live Discover
    • 1 Comment
    Hello friends, how is it possible to obtain the information from disconnected computers?
    • 22 Mar 2021 11:47 AM
  • How can I adjust this query so that it uses a list of items instead of just one file?

    • Under Review
    • Live Discover
    • 2 Comments
    I assume that searching for a list of files at once would be faster than searching for each file individually. So, how can I adjust this query so that it uses a list of items instead of just one file? --- Descriptive name Variable type SQL Variable...
    • 18 Mar 2021 10:00 PM
  • query with windows 10 updates

    • Under Review
    • Live Discover
    • 2 Comments
    Hello friends, does someone know how to check the pending updates of Windows 10? Thanks
    • 17 Mar 2021 8:40 AM
  • List top threat indicators for Windows

    • Under Review
    • Live Discover
    • 0 Comments
    This query evaluates the machine learning and reputation scores to provide a list of the most suspect executables observed in the environment. Descriptive name Variable Type Notes Begin Search on date $$Begin Search on date...
    • 15 Mar 2021 9:22 PM
  • Generic Network activity search (Windows)

    • Under Review
    • Live Discover
    • 0 Comments
    This query provides a generic search for IP address and port information Descriptive name Variable Type Notes Begin Search on date $$Begin Search on date$$ DATE Provide a start date for the search Hours to Search $$Hours...
    • 15 Mar 2021 8:55 PM
  • Generic Process Search on Windows

    • Under Review
    • Live Discover
    • 0 Comments
    Hi folks, Sophos already published a canned query for 'Search for processes (Windows)', and while that one is really useful I had some asks for a different approach that allowed for larger time windows in the search and some different parameters. ...
    • 15 Mar 2021 6:35 PM