Approved

For this query you are recommended to read the FULL content of the post before using it. It is not simply a copy-and-paste query like others in the forum. It is valuable in the right situation.

Live Discover Query - General IT queries

Hi,

I have been looking at Live Discover and like the look of it. I am not an expert in Threat Hunting, but I was hoping I could use Live Discover to help me with my day to day IT tasks. I was thinking along the lines of the following.

  • Machine is NOT fully patched. I know I can look for a specific missing patch, but would like to list all machines that are out of date
  • User logged on with admin rights
  • Machines with X software installed. QuickTime would be a good example in my case
  • Retrieve software version. I was thinking about Acrobat DC as Application Control can only block DC as a whole, not a certain version. I need to find all the out of date DC
  • When did the user last use a certain application. I could remove it, if they weren't using it

I am not sure where to start. Could someone please give me some guidance?

Best wishes, Michael
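The tasks in the list above map onto a handful of queries, because Live Discover runs osquery SQL on each endpoint. The following block is an added example and is not code from the post, from Jak's reply or from Sophos; it assumes the endpoint exposes the standard osquery Windows tables `patches`, `programs`, `users`, `user_groups`, `groups`, `logged_in_users` and `userassist` (the last two, and the `groups.group_sid` column, depend on the osquery version bundled with the agent). The product names, the `VISIO.EXE` path fragment and the major-version threshold `21` are placeholders to adjust.

```sql
-- Added example, not from the original post or from Sophos.
-- Assumes standard osquery Windows tables are available to Live Discover.

-- 1. How stale is the machine? osquery has no "missing updates" table, so the
--    practical check is the most recent hotfix install date; a machine whose
--    newest entry is older than your patch cycle is a candidate for follow-up.
SELECT hotfix_id, caption, installed_on
FROM patches
ORDER BY installed_on DESC
LIMIT 10;

-- 2. Local accounts in the Administrators group (well-known SID S-1-5-32-544),
--    with a flag showing whether each one currently has a session.
SELECT u.username,
       u.uuid AS sid,
       CASE WHEN l.user IS NOT NULL THEN 'logged on' ELSE 'not logged on' END AS session
FROM users u
JOIN user_groups ug ON ug.uid = u.uid
JOIN groups g ON g.gid = ug.gid
LEFT JOIN logged_in_users l ON l.user = u.username
WHERE g.group_sid = 'S-1-5-32-544';

-- 3. Is product X installed? (QuickTime in the question.)
SELECT name, version, publisher, install_location
FROM programs
WHERE name LIKE '%QuickTime%';

-- 4. Out-of-date Acrobat DC. `version` is text, so '9.1' sorts after '21.5'
--    under a plain string comparison; cast the major component to an integer
--    before comparing. 21 is a placeholder threshold, not a real Adobe boundary.
SELECT name, version
FROM programs
WHERE name LIKE 'Adobe Acrobat DC%'
  AND instr(version, '.') > 0
  AND CAST(substr(version, 1, instr(version, '.') - 1) AS INTEGER) < 21;

-- 5. When did each user last run an application? The UserAssist registry data
--    records per-user launch counts and last-run times for GUI programs, which
--    is enough to test a "I use it all the time" claim before reclaiming a licence.
SELECT u.username,
       ua.path,
       ua.count AS launches,
       datetime(ua.last_execution_time, 'unixepoch') AS last_run
FROM userassist ua
LEFT JOIN users u ON u.uuid = ua.sid
WHERE ua.path LIKE '%VISIO.EXE%'
ORDER BY ua.last_execution_time DESC;
```

Each statement is meant to be run as its own Live Discover query; the results come back per endpoint, so query 3 or 4 run across the estate gives the list of machines with the product or the old version, and query 5 answers the usage question per user rather than per machine. UserAssist only covers programs launched through the shell, so a tool started from a script or service will not appear there.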

  • Thanks Jak, I will take a look at those. As for out of date, I was thinking if Windows Update returns any update available it is not up to date. I assume if I know the path to a certain application (QuickTime) I could query for that. When I mean use I was assuming the main exe. Let's say Visio. User says he uses it "all the time". I want to find out if that is true and if not I will have the license back :)