Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 18 replies
  • Subscribers 1 subscriber
  • Views 77850 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Nice Sophos DB query's

Placebo

I though it would be nice to share some of the query's I made to collect data from the Sophos 4.5 database.

Web content scanner
Description:
Shows all the Internet Explorer BHO web content scanner detections in one list sorted by date of detection.
Query:
(SELECT tb1.name As Computer, tb2.ThreatName, tb2.FullFilePath, tb2.FirstDetectedAt AS FirstDetectedAt
FROM ComputersAndDeletedComputers AS tb1, Threats AS tb2
WHERE tb2.FullFilePath LIKE 'h__%'
AND tb2.ComputerID = tb1.ID)
UNION
(SELECT tb1.name AS Computer, tb2.ThreatName, tb2.FullFilePath, tb2.FirstDetectedAt AS FirstDetectedAt
FROM ComputersAndDeletedComputers AS tb1, ThreatsArchive AS tb2
WHERE tb2.FullFilePath LIKE 'h__%'
AND tb2.ComputerID = tb1.ID)
ORDER BY FirstDetectedAt DESC
Example Result:
PC1000 - Mal/Badsrc-C - h__p://evilwebsite.com - 18-7-2010 23:29

If you have some query's please share.

If you are a database guru and have comment on the way I constucted my query please let me know :smileyhappy:

:4050


This thread was automatically locked due to age.
Parents
  • 0

    Looking for the following queries and the Sophos Reporting tool doesn't offer much. 

    I can do a lot of the date and time calculations in Excel since I'm pivoting off the MSAccess Query.  Wondering if you could help with the tables/views.

    1. Policies: Out of Date more than 7 days old – include the following items/fields:
    1. Computer Name
    2. User
    3. Group
    4. Tamper Protection Status
    • Protection: Out of Date more than 7 days old – include the following items/fields:
      1. Computer Name
      2. User
      3. Policy Compliance
      4. Up To Date
    • Errors: Out of date more than 7 days old – include the following items/fields:
      1. Computer Name
      2. User
      3. Alerts and Errors
      4. Scanning Errors
      5. Install Errors
      6. Update Errors
      7. Group
    :17987
Reply
  • 0

    Looking for the following queries and the Sophos Reporting tool doesn't offer much. 

    I can do a lot of the date and time calculations in Excel since I'm pivoting off the MSAccess Query.  Wondering if you could help with the tables/views.

    1. Policies: Out of Date more than 7 days old – include the following items/fields:
    1. Computer Name
    2. User
    3. Group
    4. Tamper Protection Status
    • Protection: Out of Date more than 7 days old – include the following items/fields:
      1. Computer Name
      2. User
      3. Policy Compliance
      4. Up To Date
    • Errors: Out of date more than 7 days old – include the following items/fields:
      1. Computer Name
      2. User
      3. Alerts and Errors
      4. Scanning Errors
      5. Install Errors
      6. Update Errors
      7. Group
    :17987
Children
No Data