Overview
Live Discover allows you to check the devices that Sophos Central is managing, look for signs of a threat, or assess compliance.

New to Live Discover & Response queries? See Getting Started In Live Discover - From Beginner to Advanced Query Creation
Make sure to also check out Best Practices On Using Live Discover & Response Query Forum and Sophos EDR Threat Hunting Framework.

Note: For more information on Live Discover, please check out our Product Documentation.

Navigate to a category below to browse and submit a query

Browse Ideas in Category
  • Live Discover Query - CPU Usage (Weighted)

    • Approved on
    • 0 Comments
    REVIEWED by Sophos Hi guys, Been playing with live discover, which seems to be all I'm doing at the moment, it's a little addictive! Anyway wrote a simple query to collect the most active processes on devices. Unlike the cpu_time table, this query...
  • Live Discover Query - BitLocker

    • Approved on
    • 1 Comment
    REVIEWED by Sophos The first query will show for Windows devices if any drive has been encrypted using BitLocker: select drive_letter as "Drive Letter", case protection_status when "1" then "ENABLED" else "DISABLED" end "Protection Status", encryption_method...
  • Query to collect Serial Numbers of computers

    • Approved on
    • 2 Comments
    Can someone help me? I need to collect serial numbers of computers with the Sophos agent installed.
  • Simple query to audit Microsoft RDP enablement status (from registry)

    • Approved on
    • 0 Comments
    REVIEWED by Sophos Just a quick query to audit the state of MS RDP via the registry, uncomment (remove the 2 leading '--' from the last line) to return only machines where RDP is enabled. SELECT CASE WHEN data = 0 then 'RDP Enabled' WHEN data...