One of the most common comments from EAP participants so far has been about the lack of visibility of DNS traffic data. The EAP refresh release coming in a week or two will help a lot with that, but in the meantime I thought I'd provide some examples…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Table of Contents Background 1) Default Configurations…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Purpose Microsoft announced a requirement for Azure Code Signing…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Index Purpose Prerequisites Query #1 - Live Discover - Check…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Purpose If you have not traversed the XDR journals, please review…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Purpose Sophos Endpoint and Server products all come equipped with…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Purpose Sophos Endpoint and Server products all come equipped with…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Purpose The Windows Firewall is a security component to help protect…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Purpose This query is taken directly from the Sophos Rapid Response…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Purpose Often, Remote Desktop Protocol (RDP) sessions are used…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Purpose Let's revisit a query written by Kyle Seike - post can…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Purpose This query is designed to give you information required…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Purpose This query is designed to give you a "Total Report" of…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Purpose Rebooting a computer can be a delicate situation. It can…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Purpose Our first post in the Query Corner is going to target User…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Overview This post is going to cover setting up a user created…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Overview Here at Sophos, we launched EDR into the endpoint platform…

Hi, I need this Live Response quickly, unfortunately Sophos Intercept X is aborting the Query. What is this and how do I get to my data? I just want to use that product with a default query! 2022-03-31T14:29:22.937Z [ 9644: 8204] E Process SophosOsqueryExtension…

Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. A recent inquiry from a Sophos Customer indicated that they wanted…

Hello - Does anyone have a query they have used to see if Windows Update is running on an endpoint?

Hi, it there a better place for discussing about Live or Data Lake Queries than the " Live Discover & Response Query Forum "? There is not much resoponse there. Or should I contact support for special questions? Regards

Hi, Does anyone else have issues with Datalake queries just timing out? It's been pretty unusable for us every since we turned on the function. We have around 15,000 endpoints on our Central environment so I wonder if it's just down to the sheer volume…

MTR team wrote us that some of our servers cannot be managed by them. This maybe in relation with this thread But here is no 503 error in MCSClient.log and the client is green for MCS communication There has been an other thread here also with…