Is Sophos CPU history recorded in Data Lake?

Hi! I wanted to know if there is a way to download the list of users and the serial numbers of the computers assigned to them. From what I've seen in the reports section, it doesn't allow modifying the columns. Do you know if it's possible to download…

Hi, Is there any osquery to get all the domain-joined machines where the "Domain Users" group is added to the "Remote Desktop Users" local group?

I have a hash like: 6ea2c9276c122222222222f9ae2 i want to search on the clients for this hash. is there a posibility to search with Sophos EP?

Is there a query that can be used to see if a user or Mac device has accessed a specific IP or website?

Hello everyone, I understand there is a way to query for event logs in Live Discovery. From what I see, it may be limited to Windows Logs only i.e Application, Security, Setup, and System event logs. I tried querying an event id, but it pulled from…

Hi, Please let us know if there is a sql query for get all web browsing activity of user/ computer for MAC devices on sophos central. I found we have inbuilt query available for Windows as : "URLs accessed on Windows (Data Lake)". Kindly let…

Hello dear Sophos Community, we have some old devices in our company and I noticed that the sophos agent collects data like Processor structure and Operating System but now my question is; Can I get Sophos to collect more information than this from…

I am playing around with the XDR Datalake. The goal is to use the XDR Datalake for our inventory. So we do not have manually update it. I can get all installed software from the Datalake thanks to the query "windows_programs". However in this query…

Hello, I want to display installed programs on my users' computers. I wonder if i can do that with Sophos. Thanks,

Hi, How to generate a report of Core Agent version of all devices? Excel or CSV, do not mind

We have created a custom query to allow us to find specific file names and path on any system within our tenant. SELECT file, path FROM sophos_file_journal WHERE file LIKE '$$Filename$$'; This is very temperamental, as it will sometimes return a result…

Hello All, I have been trying to create custom queries in Sophos Central for finding IoCs (SHA1 and SHA256). Can you please help me build query for the same? Regards, Jenil

I upgraded my subs to XDR and looked to following video: https://vimeo.com/519661823 Unfortunately I do not see tables mentioned there like: Data Lake hydration queries query result List all EP and XG FW Tables Windows programs Inventory search…

I have mixed Mac and Windows environment. So far I scheduled weekly two queries: Pending macOS updates Data Lake Pending Windows updates Data Lake Do you have any other recommendation what makes sense to run using the schedule ?

Hello, Just upgraded my license to XDR and now under detections I see many level 4 warnings like: SRP path rules missing. Secure boot supported but not enabled. DEP is not Admin Opt-out or Always-on. Applications with special compatibility…

Hello Community, we are testing Endpoint Protection in Sophos Central. The Tech Specs contains the Features "Sophos Data Lake Cloud Storage" and "On-disk Data Storage". I found "Upload to the Data Lake" in the Global Settings. But I do not find "On…

Hello everybody. is there any query that checks all users with administrative privileges on the network? Thanks

On Sophos Central is there a way to check devices for the status of OS updates to ensure they are up to date? Windows MacOS Linux

Is there a way to check what applications are installed on a device and if these are up to date via Sophos Central?

i have intercept-X with XDR installed i want to see that if any particular IOC is present or not??? if present then how can i delete it?? please guide.

How to get list of machines whose core agent is not up to date or how to get core agent list completely for all sub estates

Guys, I have a doubt. there is no more sophos product for endpoint with EDR? XDR only?

How to list all installed applications in the windows end devices/Clients using sophos Threat Analysis Center.

Buen día. Espero me puedan ayudar con esta duda. ¿Hay manera de que desde Sophos Central pueda obtener información de un endpoint como marca, modelo, número de serie, sistema y algunas características del hardware del endpoint? En caso de que no…