• 6 Jul 2020

    Exploring Windows Events and Security groups with Live Discover

    The Sophos UK Sales engineering team has been getting familiar with Live Discover. In that work they explored group policy and provided the following queries:

    Deleted security groups (variable to specify the number of days to check), Windows:

        /* Deleted Security Groups */
        SELECT source,
               eventid,
               CAST(datetime(time, 'unixepoch') AS TEXT) AS 'Change Made',
               JSON_EXTRACT(data, '$.EventData.SubjectUserName'...
