Integration Status
Karl_Ackerman, Approved on 5 Oct 2022, 0 Comments
Identify the Integrations that have information in the data lake, how much data they have sent and when they last sent data. NOTE: If no data has been sent to the data lake then the integration is not listed -- Display Integration status -- NOTE if...
5 Oct 2022 3:13 PM
AWS Security Hub - Explore detections
Karl_Ackerman, Approved on 25 Aug 2022, 0 Comments
The query below requires you to have set up the AWS Security Hub Connector. See https://community.sophos.com/mdr-community-channel/mtr-connector-eap/b/announcements/posts/enabling-asw-security-hub-guard-duty-in-mdr for instructions. SQL -- VARIABLE...
25 Aug 2022 3:19 PM
MS Graph detections by Day and Severity
Karl_Ackerman, Under Review on 10 May 2022, 0 Comments
List the number of MS Graph alerts by Day and Severity -- MS Graph trends by day WITH List AS ( SELECT substring(CAST(event_date_time AS VARCHAR),1,10) Day, Severity, COUNT(event_date_time) Severity_Events, CASE severity WHEN 'HIGH' THEN 3...
10 May 2022 8:19 PM
NDR: NDR Report - idsSrcIps Blacklist, botnets, and more
Karl_Ackerman, Under Review on 16 Sep 2022, 0 Comments
This query evaluates the NDR detection and report data to identify interesting detections that can also be seen from the Detections list page. -- List of communications to ids messages *Exclude ids_msg's that are NULL SELECT DISTINCT COUNT(*) instances...
16 Sep 2022 1:43 PM
MS Graph - List graph alerts by category
Karl_Ackerman, Under Review on 17 May 2022, 1 Comment
List detections by category with additional information on title, description, severity and count for the selected time period SELECT Category, title, description, severity, -- ARRAY_JOIN(ARRAY_AGG(title ||' :: '|| description),CHR(10)) title_list...
17 May 2022 7:29 PM
MS Graph Security - View detection count by category and severity
Karl_Ackerman, Under Review on 10 May 2022, 0 Comments
This query provides a count of the number of detections per category and severity. -- MS Graph API Alerts -- VARIABLE STRING $$category$$ -- VARIABLE STRING $$severity$$ WITH List AS ( SELECT Category, Severity, title, COUNT(event_date_time...
10 May 2022 8:16 PM
NDR Data exploration
Karl_Ackerman, Under Review on 16 Sep 2022, 0 Comments
With the Sophos NDR Connector configured and working you will have detections and reports available. How to set up the NDR Connector: https://community.sophos.com/mdr-community-channel/mdr-integrations-eap/w/ndr_wiki/127/deployment-and-configuration...
16 Sep 2022 1:22 PM
MS Graph Security - Explore
Karl_Ackerman, Under Review on 10 May 2022, 0 Comments
This query allows you to view the detection details that have been received from the MS Graph Connector. The primary table we are exploring is mdr_ms_graph_api_data. This query takes two variables allowing you to set a filter by category and severity...
10 May 2022 8:13 PM
AWS Queries - Exploring AWS Data with live discover
Karl_Ackerman, Under Review on 8 Sep 2022, 0 Comments
Once you have configured the AWS Security Hub connector you can add some queries to explore the data. How to enable the AWS Security Hub Connector: https://community.sophos.com/mdr-community-channel/mdr-integrations-eap/b/announcements/posts/enabling...
8 Sep 2022 3:06 PM