• HiveNightmare aka SeriousSAM vulnerability query

    SecBug
    The Live Discover query below, from Sophos MTR, will identify processes that have accessed any of the SAM, SECURITY, or SYSTEM Registry hive files in Shadow volumes. It is optimized to minimize the number of accesses to the Sophos File Journal to enable…
    • over 3 years ago
    • Sophos Endpoint
    • Threat Hunting
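    The query itself is not reproduced in the listing. As an added example (not the Sophos MTR query, and not code from the post), the PowerShell below checks a single host for the two preconditions HiveNightmare/SeriousSAM (CVE-2021-36934) relies on: BUILTIN\Users (SID S-1-5-32-545) holding read access on the live hive files under %windir%\System32\config, and at least one Volume Shadow Copy being present, since the live hives are locked and the readable copy is taken from the shadow device path. The GLOBALROOT paths it prints are the ones a hunting query over file-access telemetry would key on. It assumes an elevated session (Win32_ShadowCopy requires it).

```powershell
# Added example: HiveNightmare / SeriousSAM precondition check for one host.
# Not the Sophos MTR Live Discover query. Run elevated.

function Test-HiveAcl {
    param([string[]]$HiveNames = @('SAM', 'SECURITY', 'SYSTEM'))
    foreach ($name in $HiveNames) {
        $path = Join-Path $env:windir "System32\config\$name"
        # Get-Acl only needs READ_CONTROL, so it works although the hive is locked.
        $acl = Get-Acl -LiteralPath $path
        $usersRead = $acl.Access | Where-Object {
            # Compare by SID so the check is locale-independent.
            $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value -eq 'S-1-5-32-545' -and
            $_.AccessControlType -eq 'Allow' -and
            (($_.FileSystemRights -band [System.Security.AccessControl.FileSystemRights]::ReadData) -ne 0)
        }
        [pscustomobject]@{
            Hive         = $path
            UsersCanRead = [bool]$usersRead
        }
    }
}

function Get-ShadowHivePaths {
    # Each shadow copy exposes the hives at a GLOBALROOT device path such as
    # \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\System32\config\SAM
    Get-CimInstance -ClassName Win32_ShadowCopy | ForEach-Object {
        $dev = $_.DeviceObject
        foreach ($name in 'SAM', 'SECURITY', 'SYSTEM') {
            "$dev\Windows\System32\config\$name"
        }
    }
}

$aclResults  = @(Test-HiveAcl)
$shadowPaths = @(Get-ShadowHivePaths)

$aclResults | Format-Table -AutoSize
"Shadow-copy hive paths found: $($shadowPaths.Count)"
$shadowPaths

if (($aclResults | Where-Object UsersCanRead) -and $shadowPaths.Count -gt 0) {
    Write-Warning 'Exposed: non-admins can read the hive ACL and a shadow copy exists, so the hives can be copied from the shadow volume.'
} else {
    'Not exposed by this check (ACL restricted and/or no shadow copies present).'
}
```

    A host that reports UsersCanRead = True with one or more shadow-copy paths is the case the hunting query above is looking for; the usual remediation is to restore inheritance on the config directory (for example `icacls $env:windir\System32\config\*.* /inheritance:e`) and then delete existing shadow copies, because the fixed ACL does not apply to copies already taken.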
  • Checking For Print Spooler Vulnerabilities

    JeramyKopacko
    This query will search your endpoints for the following CVEs and their currently released patches: CVE-2021-1675, CVE-2021-34527, and CVE-2021-34481. As of this writing, CVE-2021-34481 is considered still vulnerable and the recommended fix is to disable the print…
    • over 3 years ago
    • Sophos Endpoint
    • Threat Hunting
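    The Live Discover query is not shown in the listing. As an added example (not the query from the post), the PowerShell below reports, for one host, the state of the Print Spooler service and the Point and Print policy values that the PrintNightmare mitigations set. The registry path and value names are the Microsoft-documented ones; the hardened values are an assumption stated in the code, and a value that is absent is reported as unset rather than assumed, because the OS default for it depends on patch level.

```powershell
# Added example: Print Spooler exposure report for one host.
# Not the Live Discover query from the forum post.

function Get-SpoolerExposure {
    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
    $props = if (Test-Path -Path $key) { Get-ItemProperty -Path $key } else { $null }

    # Assumed hardened values for the Point and Print policy (value name -> value).
    $expected = [ordered]@{
        NoWarningNoElevationOnInstall              = 0
        UpdatePromptSettings                       = 0
        RestrictDriverInstallationToAdministrators = 1
    }

    $settings = foreach ($name in $expected.Keys) {
        $actual = if ($props -and $props.PSObject.Properties[$name]) { $props.$name } else { $null }
        [pscustomobject]@{
            Setting  = $name
            Actual   = if ($null -eq $actual) { '(not set)' } else { $actual }
            # Null means the policy is not explicitly configured, so no verdict is given.
            Hardened = if ($null -eq $actual) { $null } else { $actual -eq $expected[$name] }
        }
    }

    [pscustomobject]@{
        SpoolerInstalled = [bool]$svc
        SpoolerStatus    = if ($svc) { $svc.Status.ToString() }    else { 'NotPresent' }
        SpoolerStartType = if ($svc) { $svc.StartType.ToString() } else { 'NotPresent' }
        PointAndPrint    = $settings
    }
}

$report = Get-SpoolerExposure
$report | Select-Object SpoolerInstalled, SpoolerStatus, SpoolerStartType | Format-List
$report.PointAndPrint | Format-Table -AutoSize

if ($report.SpoolerStatus -eq 'Running' -and $report.SpoolerStartType -ne 'Disabled') {
    Write-Warning 'Spooler is running and enabled; on hosts that do not need printing, stop it and set the start type to Disabled.'
}
```

    On a host that does not print, the fix the post points at is to stop the service and prevent it from starting (`Stop-Service Spooler; Set-Service Spooler -StartupType Disabled`); where printing is required, the Point and Print rows show whether driver installation has been restricted to administrators.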
  • Check IP Journal against File Properties & Processes

    JeramyKopacko
    It may be useful to see which specific PID, program, syntax, etc., along with its threat scoring, has interacted with a specific IP. This is the final query from the Getting Started Recommended Read shared recently. ## DEFINE $$IPaddress$$ as IPaddress …
    • over 3 years ago
    • Sophos Endpoint
    • Threat Hunting
  • Getting Started In Live Discover - From Beginner to Advanced Query Creation

    JeramyKopacko
    Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Table of Contents Background Prerequisites Guide Intro…
    • over 3 years ago
    • Sophos Endpoint
    • Recommended Reads
  • Sophos Rapid Response team sharing their EDR queries on GitHub

    PeterM
    Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Hi everyone, The Sophos Rapid Response service is essentially the…
    • over 3 years ago
    • Sophos Endpoint
    • Recommended Reads
  • Best Practices On Using Live Discover & Response Query Forum

    JeramyKopacko
    Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. If Sophos-provided pre-defined queries aren’t working, Sophos Support…
    • over 3 years ago
    • Sophos Endpoint
    • Recommended Reads
  • Sophos XDR and EDR 4.0 Now Available

    Kevin Kingston
    We are pleased to announce that today, May 19, we have released some exciting updates for all customers using Sophos EDR (Endpoint Detection and Response) with Intercept X Advanced with EDR and Intercept X Advanced for Server with EDR. What’s new? …
    • over 3 years ago
    • Sophos Endpoint
    • Release Notes & News