Sophos Community
Site
User
Site
Search
User
Community & Product Forums
Intercept X Endpoint
Sophos (XG) Firewall
UTM Firewall
Sophos Mobile
Sophos Wireless
Sophos Email
Community Chat
Community Blogs & Events
Sophos Community Blog
Community Security Blog
Product Documentation Blog
Application Control
Getting Started
Sophos Partners
Sophos Partners Group
Member Recognition
Community Leaderboards
Support Videos
Product Documentation
Visit docs.sophos.com
Support Portal
Sophos.com
More
Cancel
Intercept X Endpoint
Live Discover & Response Query Forum
Live Discover & Response Query Forum
Release Notes & News
Discussions
Recommended Reads
Threat Hunting Academy
Early Access Programs
Live Discover & Response Query Forum
More
Cancel
New
Overview
Live Discover allows you to check the devices that Sophos Central is managing, look for signs of a threat, or assess compliance.
New to Live Discover & Response queries? See
Getting Started In Live Discover - From Beginner to Advanced Query Creation
Make sure to also check out
Best Practices On Using Live Discover & Response Query Forum
and
Sophos EDR Threat Hunting Framework
.
Note:
For more information on Live Discover, please check out our
Product Documentation
.
Navigate to a category below to browse and submit a query
List of Your Queries (Submitted or Voted On)
LIVE DISCOVER QUERY
Under Review
5 days ago
Show the % free disk space - DATA LAKE
Under Review
9 days ago
OMIGOD Vulnerability | OMI version check
Approved
9 days ago
Retrieve Folder Size
Under Review
10 days ago
FORCEDENTRY Big Sur 11.6 Version Check
Under Review
12 days ago
FORCEDENTRY Safari Check (CATALINA & MOJAVE)
Under Review
12 days ago
CVE-2021-40444 MSHTML and other potential malicious processes originating from MS products (Data Lake)
Under Review
17 days ago
Query for CVE-2021-40444 MSHTML Process Event
Under Review
18 days ago
Query if CVE-2021-40444 MSHTML Mitigations Are Applied
Under Review
18 days ago
querie with file movements, on computers, to external storage
Under Review
24 days ago
Browse Live Response and Discover Queries by Category
Uncategorized
0
active ideas
Anomalies
Unexpected activity or network connections
5
active ideas
LINUX Process Tree for Data Lake (SHORT)
1 month ago
ATT&CK
Queries based on attack tactics and techniques
8
active ideas
T1070.001 - Indicator Removal on Host: Clear Windows Event Logs - Removal of .evtx files
1 month ago
Cloud Optix
0
active ideas
Compliance
Compliance with security standards
5
active ideas
Query who has modified an Active Directory object
2 months ago
Data Lake
6
active ideas
Decoding message_attachments from the xdr_xge_att_data table
1 month ago
Device
Device OS, patches, services and more
45
active ideas
OMIGOD Vulnerability | OMI version check
9 days ago
Email
Email and messaging activity
1
active idea
Email notification for scheduled queries
4 months ago
Events
Events in the system events log
12
active ideas
Login Failed attempts Query For WINDOWS
6 months ago
Files
File details and file accessories
19
active ideas
LIVE DISCOVER QUERY
5 days ago
Live Response
13
active ideas
Live Response: Controlling Windows Firewall Using Netsh
25 days ago
Network
Network connections and data transfers
7
active ideas
Port scan detection using Sophos Firewall data in the Data Lake
1 month ago
Other queries
All other queries
1
active idea
Query IPS (snort) Rules on Endpoint
4 months ago
Processes
Process activity and reputation
16
active ideas
Generic Process Search on Windows
6 months ago
Query Tips
4
active ideas
Load a local CSV file or Remote CSV File as a virtual table
4 months ago
Registry
Registry accesses and changes
2
active ideas
Live Discover Query - IFEO (someone had to mention it)
over 1 year ago
Threat Hunting
Indicators of compromise
41
active ideas
FORCEDENTRY Big Sur 11.6 Version Check
12 days ago
User
User activity and authentication
6
active ideas
Query to get all web browsing activity
2 months ago