
Query Exchange

QUERIES

Firefox 72 Vulnerability

Under Review 1 Comment Submitted by stympanick Friday

Source: https://techcrunch.com/2020/01/10/firefox-security-bug-zero-day/
Description: This query l...

Carbon Black Vulnerability Management Windows

0 Votes

CVE-2019-1388 Detection

Under Review 1 Comment Submitted by mshahnawaz 2 weeks ago

Description: Privilege escalation in UAC due to hyperlink in Certificate - CVE-2019-1388
What The Dat...

Community Incident Response Vulnerability Management Windows

0 Votes

macOS mail.app spawning reverse shells

Approved 1 Comment Submitted by stympanick 3 weeks ago

Source: https://holdmybeersecurity.com/2020/01/03/poc-mail-app-the-boomerang-of-reverse-shells-on-mac...

Carbon Black Incident Response Mac

1 Vote

Windows services associated with most common remote control tools

Approved 3 Comments Submitted by jaydelcic 3 weeks ago

Description: This query looks for service names associated with the most common remote control tools...

Community Incident Response IT Hygiene Windows

0 Votes

DB_Rep Size query

Approved 3 Comments Submitted by ryan_manni 3 weeks ago

Description: This query looks for the DB_rep file for CB Defense and pulls back the size
What Th...

Community IT Hygiene Windows

0 Votes

Check if auth using blank password is possible via Network

Approved 1 Comment Submitted by jaydelcic 12-22-2019

Description: Checks for the value of 'LimitBlankPasswordUse' registry key. Recommendation is for the...

Community Incident Response IT Hygiene Windows

0 Votes

HKEY_USERS (NTUSER.DAT) Registry Query

Approved 6 Comments Submitted by creams 12-13-2019

Description: Looking for any PsExec Registry keys in an organization.
What The Data Shows: We're t...

Community Incident Response Windows

2 Votes

macOS LaunchDaemon's that keep running

Approved 1 Comment Submitted by stympanick 10-31-2019

Description: macOS LaunchDaemon's
What The Data Shows: Find every macOS LaunchDaemon that launche...

Carbon Black IT Hygiene Mac

4 Votes

All versions of Powershell Core

Approved 3 Comments Submitted by ksnihur 10-09-2019

Description: This query looks for all versions (6, 7, preview versions) of PowerShell Core installed ...

Community Compliance IT Hygiene Linux Windows

1 Vote

Libssh vulnerability - CVE-2018-10933

Approved 1 Comment Submitted by ksnihur 09-20-2019

Description: Query checks for the libssh vulnerability where clients create channels before authenti...

Community Linux Vulnerability Management

3 Votes

Welcome to the Query Exchange

The Query Exchange is a place for everyone to take, learn, and share queries. Since Live Query is built on the open source project osquery, we want to encourage the spirit of community participation. As a collective group we can help each other be more efficient, more innovative, and more secure. All query submissions default to the “Under Review” stage when initially posted. Once Carbon Black has vetted a submission, its status is updated to “Approved.”

Query Use Cases

IT Hygiene: Provides a list of SQL queries that we recommend you run in Live Query to help with your organization's IT Hygiene.

Compliance: Provides a list of SQL queries that we recommend you run in Live Query to help manage Compliance across your organization.

Incident Response: Provides a list of SQL queries that we recommend you run in Live Query to help during an investigation.

Vulnerability Management: Provides a list of SQL queries that we recommend you run in Live Query to help with Vulnerability Management in your organization.

Help Desk Operations: Provides a list of SQL queries that we recommend you run in Live Query to help with Help Desk items.

Container Support: Provides a list of SQL queries that we recommend you run in Live Query to help with your organization's Container Support.