Is there a query available for the data lake to query file information similar to the File Access History that endpoint queries use? We would like to be able to query our data lake and find copied / modified / moved / deletions / re-naming & what it...

Hello Community, is it possible to get the full os build number inclusive patchlevel (windows) with a XDR Query or other way? There is a query named "Hardware and operating system details" but with this query i only get the os_version and build, for...

Hi I installed NDR appliance in my network, and I'm getting this messages: NDR-DET-DDE-MACIPHOSTNAMECORRELATION "Source MAC address, IP address, and Hostname correlation based on MDNS and NetBIOS" The detection in low severity. Any idea...

Does anyone know of or have a custom live discover query that can identify any processes, programs running cURL? I am seeing something to help identify the vulnerability located in CVE-2023-38545. Description The version of curl installed on the remote...

Is there a way to check what applications are installed on MAC endpoints via Sophos Central? I can see queries to pull-out installed application list from Windows endpoints. Is there any query for MAC endpoints

Hello, I would like to run this command on all devices and extract as periodic report using Query from endpoint thru Sophos Cental. Command wmic bios get serialnumber, hostname

Hello, The current query for "Patches applied" lists all the patches applied, but does not include patches applied via MSI or downloaded from Windows Update. Query: SELECT hotfix_id, description, installed_by, installed_on FROM patches Is...

What are the domains or FQDNs to allow for access to Live Discover? The goal is to allow the Sophos MDR team to access an endpoint that is in red status and getting blocked by the firewall. When a device behind the Sophos firewall goes into a red...

Initial Steps: The given Powershell script will run from Live Response as well as from powershell prompt. There's no obligation to have elevated privilege to run this script. After opening command prompt enter "powershell" Copy paste the complete...

Hi, I did a copy of the default live query: File access history I'm only interested in new files that have been created in that timeframe. The demand is a bit like the default " New applications deployed " query. But not only for applications. ...