This is a live discover query.
with file_list as ( select spj.cmd_line, sfj.path, sfj.file from sophos_file_journal as sfj join sophos_process_journal as spj on spj.sophos_pid = sfj.sophos_pid where sfj.subject = "FileBinaryReads" and sfj.event_type = 9 and sfj.file like '%libcurl%' ) select * from file_list join file as osqfile on osqfile.path = file_list.path where osqfile.file_version not like '8.4%'
See the original discussion thread here
