Queries - EDR Data Lake EAP - Sophos Community

network_interfaces

Karl_Ackerman
- Under Review on 14 Oct 2020
- 0 Comments
list the devices network interfaces SCHEMA address string IPv4 address target broadcast string Broadcast address for the interface ibytes long Input bytes interface string Interface name mac string ...
- 14 Oct 2020 12:19 PM
open_sockets

Karl_Ackerman
- Under Review on 14 Oct 2020
- 0 Comments
List open socket info SCHEMA cmdline string Process command line local_address string Socket local address name string Name of the registry value entry parent long Process parent's PID path string ...
- 14 Oct 2020 12:22 PM
opera_extensions

Karl_Ackerman
- Under Review on 14 Oct 2020
- 0 Comments
List opera extension info SCHEMA author string Optional extension author description string Plugin description text identifier string Plugin identifier name string Name of the registry value entry path...
- 14 Oct 2020 12:25 PM
osx_updates_patch

Karl_Ackerman
- Under Review on 14 Oct 2020
- 0 Comments
osx updates and patches. MAC OS. Not in the EAP but coming soon SCHEMA content_type string Package content_type (optional) name string Name of the registry value entry package_id string Label packageIdentifiers ...
- 14 Oct 2020 12:27 PM
pending_osx_updates_patch

Karl_Ackerman
- Under Review on 14 Oct 2020
- 0 Comments
List pending updates/patch for MAC os x SCHEMA package_id string Label packageIdentifiers recommended string recommended restart string restart size long Size of the update title string Title of the...
- 14 Oct 2020 12:31 PM
pending_windows_updates_patch

Karl_Ackerman
- Under Review on 14 Oct 2020
- 0 Comments
Pending windows updates/patches SCHEMA hotfix_id string The kb article ID for the update installed string Is the update installed mandatory string Is the update mandatory msrc_severity string Severity of the...
- 14 Oct 2020 12:34 PM
rpm_packages

Karl_Ackerman
- Under Review on 14 Oct 2020
- 0 Comments
RPM package info SCHEMA arch string Architecture(s) supported name string Name of the registry value entry release string Package release source string ` version string Plugin short version ...
- 14 Oct 2020 12:36 PM
running_processes_linux_events

Karl_Ackerman
- Under Review on 14 Oct 2020
- 0 Comments
Linux running processes SCHEMA cmdline string Process command line egid long Effective group ID at process start euid long Effective user ID at process start gid long Group ID (unsigned) of the user running...
- 14 Oct 2020 12:38 PM
running_processes_osx_events

Karl_Ackerman
- Under Review on 14 Oct 2020
- 0 Comments
Mac os running process info SCHEMA cmdline string Process command line egid long Effective group ID at process start euid long Effective user ID at process start gid long Group ID (unsigned) of the user running...
- 14 Oct 2020 12:42 PM
running_processes_windows_sophos

Karl_Ackerman
- Under Review on 14 Oct 2020
- 0 Comments
Windows process history SCHEMA cmdline string Process command line file_size long File size now gid long Group ID (unsigned) of the user running the process global_rep int The machine learning global reputation...
- 14 Oct 2020 12:46 PM

Submitted a Tech Support Case lately from the Support Portal?