QUERIES
Search/Hunt for Persistence through Windows Services installed within the Past 30 days
Approved 4 Comments Submitted by jstreet16 2 weeks agoDescription:Search windows service creation events using the system logs event id 7045 from the past...
Community Compliance Help Desk Operations Incident Response Windows
1Vote
Search windows artifacts of execution for evidence of a file
Approved 1 Comment Submitted by jstreet16 2 weeks agoDescription: Search multiple artifacts of execution to search for evidence of an executable seen by ...
0Votes
Ideas for working out FULL OUTER JOIN limitation
Approved 4 Comments Submitted by jstreet16 3 weeks agoDescription: Given a file path check for the existence and evidence of execution of a fileWhat The D...
1Vote
Disk utilization on Windows
Approved 1 Comment Submitted by jnelson 3 weeks agoThis query converts the size and free space to GB, then calculate the percent full for the disk.
1Vote
Windows with WSL enabled
Approved 2 Comments Submitted by slist 09-20-2021Description: This query looks for Windows endpoints with WSL feature enabledWhat The Data Shows...
3Votes
macOS - CB Standard Background Scan Status
Approved 1 Comment Submitted by lschulze 09-16-2021Description: This query queriesthe Apple System Log (ASL) data structure for system events. The quer...
4Votes
macOS - Local Administrator Accounts
Approved 1 Comment Submitted by lschulze 09-01-2021Description: The query allows you to check macOS systems for local administrator accounts.The admini...
1Vote
query for other IT tools
Approved 6 Comments Submitted by vbianconi 08-11-2021Description:Query for other IT toolsWhat The Data Shows:Whether your endpoints have any conflic...
1Vote
Installed Firefox add-ons without Default
Approved 2 Comments Submitted by sk-mobily 07-16-2021Description: This query help for get all installed add-ons on Firefox without default say (Pocket, W...
1Vote
Installed Firefox add-ons
Approved 1 Comment Submitted by sk-mobily 07-16-2021Description: This query help for get all installed add-ons on FirefoxWhat The Data Shows: : Thi...
Community Help Desk Operations Incident Response IT Hygiene Windows
0Votes
Welcome to the Query Exchange
The Query Exchange is a place for everyone to take, learn, and share queries. Since Live Query is built off of the open source project Osquery, we want to encourage the spirit of community participation. As a collective group we can help each other be more efficient, more innovative, and more secure. All query submissions default to the “Under Review” stage when initially posted. Once submissions are vetted by Carbon Black, submissions will be updated to reflect “Approved.”
Query Use Cases
IT Hygiene: Provides a list of SQL queries that we recommend you run in Live Query to help with your organization's IT Hygiene.
Compliance: Provides a list of SQL queries that we recommend you run in Live Query to help manage Compliance across your organization.
Incident Response: Provides a list of SQL queries that we recommend you run in Live Query to help during an investigation.
Vulnerability Management: Provides a list of SQL queries that we recommend you run in Live Query to help with Vulnerability Management in your organization.
Help Desk Operations: Provides a list of SQL queries that we recommend you run in Live Query to help with Help Desk items.
Container Support: Provides a list of SQL queries that we recommend you run in Live Query to help with your organization's Container Support.
