Hi friends,
I've been trying to create a query to display all patches or Windows updates available from a server. I tried this, but it doesn't work:
SELECT meta_hostname AS ep_name, hotfix_id, caption, description, FROM xdr_data WHERE query_name…
Cisco Security has recently updated (21 May 2021) the information about this vulnerability.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-ipc-KfQO9QhK
The query performs the checks if the endpoint is affected…
Hi,
Like many of you, I would like to list all machines that are out of date concerning "windows updates patch" (KBxxxxx). I know it is a tricky one after reading lots of idea submissions in this community ;-)
That's why my 1st goal would be to get…
EDR query to identify the endpoints affected by the Adobe vulnerability CVE-2021-28550
Adobe Security Bulletin: https://helpx.adobe.com/security/products/acrobat/apsb21-29.html
Windows:
SELECT
CASE WHEN (
(SELECT 1 FROM programs WHERE name LIKE…
Hello everyone,
I have two Windows Servers that report the HitmanPro.Alert service as Stopped.
Once I open Windows services and try to manually start it, I get this message:
"Windows could not start the HitmanPro.Alert service service on Local…
Hi, I've been working on this for a few days. I know there are a few of these already on the forum, but thought I'd share in case anybody found this one useful.
SELECT /*User section*/ logged_in_users.user User_Name, /*System Info*/ system_info.cpu_brand…
Hi, need some help on creating a query that will show me the current IP address the machine is connecting from.
Is there any nice easy way of doing this?
I've tried with: interface_addresses.address Network_IP,
But that returns the IP for all existing…
Hello everyone,
I need help with a simple query as I'm not well versed in SQL. Basically this is the query:
SELECT name, version, install_location, install_source, publisher, install_date, identifying_number FROM programs Where name LIKE '%CAD%' …
Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Special thanks to Carlos Agrelo for the solution!
For customers…
Useful query to search entire subfolders for a specific extension or a filename. Supports wildcards in path and filename.
SELECT path, directory, filename, device, size FROM file WHERE directory LIKE 'C:\users\%\desktop%%' AND filename LIKE '%%.exe…
Hi,
every time Intercept X Agents managed by Central update this component:
Sophos Network Threat Protection
it causes a network interruption of seconds to minutes of this device, client or server (Windows 10 x64, 1809 and 2004, Server 2012 R2 and…
I am searching for a way to query the local Administrators security group on every device in our environment. This seems like something Live Discover is capable of doing, but I haven't been able to figure out the OSQuery syntax to get it done. Right now…
Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Hi Everyone, There are many instances when the user accidentally…
We have identified a slow memory leak on servers that have Sophos installed. We have used Task Manager, ProcMon, Process Explorer, Vmmap and RamMap to try to isolate and identify the process(es) that is consuming the nonpaged pool of memory. So far our…
Hi guys,
We've recently started rolling out Sophos products to our clients, creating Sophos Central accounts for them through our Partner Portal, etc, but we've hit a snag.
We can't seem to work out how to download and install Sophos Endpoint Standard…