  • Query for Applications that Auto Start

    • Under Review
    • Live Discover
    • 2 Comments
    SELECT name as 'Key Name', source as 'Start Up source', path as 'Path', args as 'Arguments', username as 'Owner', status as 'Status' FROM startup_items ORDER by status; This may be used to identify persistence or unidentified startup items.
    • 28 Apr 2021 5:01 PM
  • Query Trusted Root Certs

    • Under Review
    • Live Discover
    • 0 Comments
    SELECT common_name, issuer, strftime('%d/%m/%Y', datetime(not_valid_after, 'unixepoch')) as expiration_date FROM certificates WHERE path = 'CurrentUser\Trusted Root Certification Authorities' ORDER BY common_name You can break this query down further...
    • 28 Apr 2021 4:22 PM
  • Query Machines for Specific Requirements

    • Under Review
    • Live Discover
    • 0 Comments
    SELECT cpu_logical_cores, physical_memory, free_space FROM logical_drives JOIN system_info on 1 and boot_partition=1 WHERE cpu_logical_cores < 2 or physical_memory < 4000000000 or free_space < 8000000000; This will search for machines with...
    • 27 Apr 2021 9:08 PM
  • Live Discovery - Need help to get current IP address

    • Under Review
    • Live Discover
    • 5 Comments
    Hi, need some help on creating a query that will show me the current IP address the machine is connecting from. Is there any nice easy way of doing this? I've tried with: interface_addresses.address Network_IP, but that returns the IP for all existing...
    • 26 Apr 2021 1:03 PM
  • Add username to Windows Programs query

    • Under Review
    • Live Discover
    • 1 Comment
    Hello everyone, I need help with a simple query as I'm not well versed in SQL. Basically this is the query: SELECT name, version, install_location, install_source, publisher, install_date, identifying_number FROM programs Where name LIKE '%CAD%'...
    • 23 Apr 2021 9:08 AM
  • Search subfolders for a specific filename or extension.

    • Under Review
    • Live Discover
    • 0 Comments
    Useful query to search entire subfolders for a specific extension or a filename. Supports wildcards in path and filename. SELECT path, directory, filename, device, size FROM file WHERE directory LIKE 'C:\users\%\desktop%%' AND filename LIKE '%%.exe...
    • 11 Apr 2021 2:34 PM
  • Finding the Sophos Machine ID

    • Under Review
    • Live Discover
    • 1 Comment
    Each device managed by Sophos has a unique machineID. This is created at the time of installation. There are some scenarios where it's useful to be able to search for a unique machineID, or a collection of them. -- Name: List Sophos Machine IDs ...
    • 6 Apr 2021 3:24 PM
  • Hafnium check

    • Under Review
    • Live Discover
    • 1 Comment
    We have a number of queries for Hafnium and additional news articles. Check out the news https://news.sophos.com/en-us/2021/03/05/hafnium-advice-about-the-new-nation-state-attack/ See the video on how to take the query from the article and run it...
    • 26 Mar 2021 12:42 PM
  • Excluding Hashes from various scans

    • Under Review
    • Live Discover
    • 3 Comments
    Hello all, I am running a number of scans including but not limited to "Unsigned applications that were run" which I believe I got from this site. I find the results to be extremely "busy" with so many pages it is almost unusable (155). I am looking...
    • 23 Mar 2021 4:48 PM
  • information of computer OFFLINE

    • Under Review
    • Live Discover
    • 1 Comment
    Hello friends, how is it possible to obtain the information from disconnected computers?
    • 22 Mar 2021 11:47 AM