  • windows_powershell_script_blocks

    Karl_Ackerman
    • Under Review on 14 Oct 2020
    • 0 Comments
    windows_powershell_script_blocks SCHEMA script_block_count int The total number of script blocks for this script script_block_id string The unique GUID of the powershell script to which this block belongs script_name string...
    • 14 Oct 2020 8:24 PM
  • threat_osx_hidden_users

    Karl_Ackerman
    • Under Review on 14 Oct 2020
    • 0 Comments
    Scheduled queries with the Threat prefix identify potential threats that may warrant investigation. This identifies hidden users on OSX SCHEMA shell string User's configured default shell uid long The local user...
    • 14 Oct 2020 1:02 PM
  • vulnerability_safer_flags_not_enforcing

    Karl_Ackerman
    • Under Review on 14 Oct 2020
    • 0 Comments
    vulnerability_safer_flags_not_enforcing SCHEMA analysis string JSON object representing the analysis data string Data content of registry value key string Name of the key mtime long time of the most recent registry...
    • 14 Oct 2020 7:08 PM
  • vulnerability_app_mitigation_options

    Karl_Ackerman
    • Under Review on 14 Oct 2020
    • 0 Comments
    Not sure what this is detecting; have to check with the Sophos Managed Threat Response Team on it. SCHEMA analysis string JSON object representing the analysis data string Data content of registry value key string Name...
    • 14 Oct 2020 1:28 PM
  • windows_updates_patch

    Karl_Ackerman
    • Under Review on 14 Oct 2020
    • 0 Comments
    windows_updates_patch SCHEMA caption string Short description of the patch description string Plugin description text hotfix_id string The kb article ID for the update installed_by string The system context...
    • 14 Oct 2020 8:36 PM
  • vulnerability_certificate_padding

    Karl_Ackerman
    • Under Review on 14 Oct 2020
    • 0 Comments
    Certificate padding vulnerability SCHEMA analysis string JSON object representing the analysis data string Data content of registry value key string Name of the key mtime long time of the most recent registry...
    • 14 Oct 2020 1:41 PM
  • listening_ports

    Karl_Ackerman
    • Under Review on 13 Oct 2020
    • 0 Comments
    listening_ports lists processes with listening ports SCHEMA address string IPv4 address target name string Name of the process path string Full path to the process pid long Process (or thread) ID port...
    • 13 Oct 2020 10:06 PM
  • Show the % free disk space - DATA LAKE

    Victor Domingo
    • Under Review on 17 Sep 2021
    • 1 Comment
    Please, I need the query for Show the % free disk space on DATA LAKE. Is it possible? Thanks
    • 17 Sep 2021 12:24 PM
  • rpm_packages

    Karl_Ackerman
    • Under Review on 14 Oct 2020
    • 0 Comments
    RPM package info SCHEMA arch string Architecture(s) supported name string Name of the registry value entry release string Package release source string ` version string Plugin short version ...
    • 14 Oct 2020 12:36 PM
  • osx_updates_patch

    Karl_Ackerman
    • Under Review on 14 Oct 2020
    • 0 Comments
    osx updates and patches. MAC OS. Not in the EAP but coming soon SCHEMA content_type string Package content_type (optional) name string Name of the registry value entry package_id string Label packageIdentifiers ...
    • 14 Oct 2020 12:27 PM