Sophos Community
Site
User
Site
Search
User
Community & Product Forums
Intercept X Endpoint
Sophos (XG) Firewall
Sophos Central
UTM Firewall
Sophos Mobile
Sophos Wireless
Sophos Email
Community Chat
Community Blogs & Events
Sophos Community Blog
Community Security Blog
Product Documentation Blog
Application Control
Getting Started
Sophos Partners
Sophos Partners Group
Member Recognition
Community Leaderboards
Sophos Techvids
Product Documentation
Visit docs.sophos.com
Support Portal
Sophos.com
More
Cancel
Intercept X Endpoint
Live Discover & Response Query Forum
Live Discover & Response Query Forum
Release Notes & News
Discussions
Recommended Reads
Threat Hunting Academy
Early Access Programs
Live Discover & Response Query Forum
More
Cancel
New
Overview
Live Discover allows you to check the devices that Sophos Central is managing, look for signs of a threat, or assess compliance.
New to Live Discover & Response queries? See
Getting Started In Live Discover - From Beginner to Advanced Query Creation
Make sure to also check out
Best Practices On Using Live Discover & Response Query Forum
and
Sophos EDR Threat Hunting Framework
.
Note:
For more information on Live Discover, please check out our
Product Documentation
.
Navigate to a category below to browse and submit a query
List of Your Queries (Submitted or Voted On)
Query for a user's web history
Under Review
2 days ago
Hostnames with user "Administrator" saved in Windows Credential Manager
Under Review
7 days ago
Query for missing default shares
Approved
29 days ago
Discover Google Chrome Browsers with Latest Zero Day
Approved
1 month ago
How to use ""File attributes and metadata" to find a file anywhere on a computer?
Under Review
1 month ago
Basic search to find Log4J running on hosts from the DataLake
Approved
1 month ago
Identify vulnerable Log4j Apache components
Approved
1 month ago
List Office Macro documents touched on a client computer (from Data Lake)
Under Review
1 month ago
Query for System Reboots/Shutdowns
Approved
1 month ago
Live Discovery Query for Event log - system reboots
Complete
1 month ago
Browse Live Response and Discover Queries by Category
Uncategorized
0
active ideas
Anomalies
Unexpected activity or network connections
5
active ideas
LINUX Process Tree for Data Lake (SHORT)
5 months ago
ATT&CK
Queries based on attack tactics and techniques
8
active ideas
T1070.001 - Indicator Removal on Host: Clear Windows Event Logs - Removal of .evtx files
5 months ago
Cloud Optix
0
active ideas
Compliance
Compliance with security standards
6
active ideas
Basic search to find Log4J running on hosts from the DataLake
1 month ago
Data Lake
10
active ideas
Discover Google Chrome Browsers with Latest Zero Day
1 month ago
Device
Device OS, patches, services and more
46
active ideas
Check the Flaw in AMD Platform Security Processor, CVE-2021-26333
3 months ago
Email
Email and messaging activity
1
active idea
Email notification for scheduled queries
8 months ago
Events
Events in the system events log
11
active ideas
Query for System Reboots/Shutdowns
1 month ago
Files
File details and file accessories
21
active ideas
How to use ""File attributes and metadata" to find a file anywhere on a computer?
1 month ago
Live Response
13
active ideas
Live Response: Controlling Windows Firewall Using Netsh
4 months ago
Network
Network connections and data transfers
8
active ideas
[LiveDiscoverHelp] IP address activity
2 months ago
Other queries
All other queries
1
active idea
Query IPS (snort) Rules on Endpoint
7 months ago
Processes
Process activity and reputation
16
active ideas
Generic Process Search on Windows
10 months ago
Query Tips
4
active ideas
Load a local CSV file or Remote CSV File as a virtual table
8 months ago
Registry
Registry accesses and changes
2
active ideas
Live Discover Query - IFEO (someone had to mention it)
over 1 year ago
Threat Hunting
Indicators of compromise
46
active ideas
Query for missing default shares
29 days ago
User
User activity and authentication
6
active ideas
Query for a user's web history
2 days ago