Announcements
    • 6 Jul 2020

    Exploring Windows Events and Security groups with Live Discover

    The Sophos UK Sales Engineering team has been getting familiar with Live Discover. In their work they explored group policy and provided the following queries: Deleted security groups - Variable to specify the number of days to check Windows /* Deleted Security Groups */ SELECT source, eventid, CAST(datetime(time, 'unixepoch') AS TEXT) AS 'Change Made', JSON_EXTRACT(data, '$.EventData.SubjectUserName'...
Latest Endpoint EAP Recommended Reads
Latest Community Questions in Endpoint EAP
Files
4 min video on query building

Building an advanced query 20 min

Live Response

Live Discover Tested with Caldera

Forensics Investigation with Live Discover

Threat Hunting with Live Discover

Live Discover IT operations

Device Selection for Live Discover

Joining the Early Access Program

Overview of Live Discover and Live Response