Sophos Community
Site
User
Site
Search
User
Community & Product Forums
Intercept X Endpoint
Sophos (XG) Firewall
UTM Firewall
Sophos Mobile
Sophos Wireless
Sophos Email
Community Chat
Community Blogs & Events
Sophos Community Blog
Community Security Blog
Product Documentation Blog
Application Control
Getting Started
Sophos Partners
Sophos Partners Group
Member Recognition
Community Leaderboards
Support Videos
Product Documentation
Visit docs.sophos.com
Support Portal
Sophos.com
More
Cancel
Intercept X Endpoint
Live Discover & Response Query Forum
Live Discover & Response Query Forum
Release Notes & News
Discussions
Recommended Reads
Threat Hunting Academy
Early Access Programs
Live Discover & Response Query Forum
More
Cancel
New
Overview
Live Discover allows you to check the devices that Sophos Central is managing, look for signs of a threat, or assess compliance.
New to Live Discover & Response queries? See
Getting Started In Live Discover - From Beginner to Advanced Query Creation
Make sure to also check out
Best Practices On Using Live Discover & Response Query Forum
Note:
For more information on Live Discover, please check out our
Product Documentation
.
Navigate to a category below to browse and submit a query
List of Your Queries (Submitted or Voted On)
HiveNightmare aka SeriousSAM vulnerability query
Under Review
1 day ago
Query who has modified an Active Directory object
Under Review
1 day ago
Application Whitelist
Under Review
2 days ago
Checking For Print Spooler Vulnerabilities
Under Review
2 days ago
SeriousSam/HiveNightmare Hunting Query (Live Endpoint)
Under Review
2 days ago
Ability to view URL's (warn, block) using EDR
Under Review
3 days ago
Add context to the Sophos Endpoint Health Status report with XDR
Under Review
4 days ago
Check IP Journal against File Properties & Processes
Under Review
9 days ago
Query to get all web browsing activity
Under Review
9 days ago
Live Query CPU utilization
Under Review
9 days ago
Browse Live Response and Discover Queries by Category
Uncategorized
0
active ideas
Anomalies
Unexpected activity or network connections
3
active ideas
Generic Search
6 months ago
ATT&CK
Queries based on attack tactics and techniques
6
active ideas
Live Discover MITRE ATT&CK Classification and Hunting
1 month ago
Compliance
Compliance with security standards
5
active ideas
Query who has modified an Active Directory object
1 day ago
Device
Device OS, patches, services and more
42
active ideas
Application Whitelist
2 days ago
Email
Email and messaging activity
1
active idea
Email notification for scheduled queries
2 months ago
Events
Events in the system events log
12
active ideas
Login Failed attempts Query For WINDOWS
4 months ago
Files
File details and file accessories
17
active ideas
EDR Query to list deleted files in a directory
9 days ago
Live Response
12
active ideas
Live Response: Temperature of a machine
11 months ago
Network
Network connections and data transfers
5
active ideas
Query SNTP Logs On A Specific Date
1 month ago
Other queries
All other queries
1
active idea
Query IPS (snort) Rules on Endpoint
1 month ago
Processes
Process activity and reputation
16
active ideas
Generic Process Search on Windows
4 months ago
Query Tips
4
active ideas
Load a local CSV file or Remote CSV File as a virtual table
2 months ago
Registry
Registry accesses and changes
2
active ideas
Live Discover Query - IFEO (someone had to mention it)
over 1 year ago
Threat Hunting
Indicators of compromise
31
active ideas
HiveNightmare aka SeriousSAM vulnerability query
1 day ago
User
User activity and authentication
6
active ideas
Query to get all web browsing activity
9 days ago
XDR
5
active ideas
Data Lake: Threat Indicators
1 month ago