SELECT device_model, --device_serial_id, --app_name AS ProtoPort, --in_interface,-- --src_mac,-- src_ip, dst_ip, src_country, log_type AS Source_Log, log_subtype AS Decision, src_port, dst_port --protocol-- FROM xgfw_data ...

Hi, I run the following query and had an error. I got the query from GitHub. https://github.com/Sophos-Community/XDR_Queries/commit/80a062e25426c9879b4b238cf889e93088e2e41f What could be wrong? Invalid sql: SELECT source, eventid, CAST(datetime...

Hello all, I would be very interested if someone has a ready-made query to check an installed Internet Explorer on Windows clients/server? C:\Program Files\Internet Explorer\iexplore.exe Many thanks for your support!

Identify the Integration that have information in the data lake, how much data they have sent and when they last sent data. NOTE: If no data has been sent to the data lake then the integration is not listed -- Display Integration status -- NOTE if...

This query evaluates the NDR detection and report data to identify interesting detections that can also be seen from the Detections list page. -- List of communications to ids messages *Exclude ids_msg's that are NULL SELECT DISTINCT COUNT(*) instances...

With the Sophos NDR Connector configured and working you will have detections and reports available. How to setup the NDR Connector https://community.sophos.com/mdr-community-channel/mdr-integrations-eap/w/ndr_wiki/127/deployment-and-configuration...

Once you have configured the AWS Security hub connector you can add some queries to explore the data. How to enable the AWS Security Hub Connector: https://community.sophos.com/mdr-community-channel/mdr-integrations-eap/b/announcements/posts/enabling...

Does anyone know of a SQL Query format in the Designer Mode in Live Discover that will allow me to query all Windows devices to determine which online systems have a TPM module? Thanks. -Andy

The query below requires you to have setup the AWS Security Hub Connector. See https://community.sophos.com/mdr-community-channel/mtr-connector-eap/b/announcements/posts/enabling-asw-security-hub-guard-duty-in-mdr for instructions. SQL -- VARIABLE...

Hi Team, Would it be possible to query the below details for device : 1. DNS Name /FQDN 2. Logged in (Domain ) 3. Last logged in user 4. IP address 5. Group 6. Status 7. Operating system and version 9. Last update 10. Status 11....