QUERIES
Windows SMBv3 Client/Server Remote Code Execution Vulnerability (CVE-2020-0796)
Approved 1 Comment Submitted by gallen 2 weeks agoDescription:Discover SMB servers potentially vulnerable to CVE-2020-0796. Indicates vulnerability wh...
3Votes
CVE-2020-0796 | Windows SMBv3 RCE
Approved 1 Comment Submitted by s-shimizu 2 weeks agoDescription:Query checks forCVE-2020-0796Windows SMBv3 Client/Server Remote Code Execution Vulnerabi...
3Votes
Linux and macOS X login information
Under Review 1 Comment Submitted by stympanick a month agoDescription:Linux and macOS X login informationSource:https://medium.com/@zercurity/building-at...
Carbon Black Help Desk Operations Incident Response IT Hygiene Linux Mac
1Vote
Programs Installed In Non-Standard Windows Locations
Under Review 1 Comment Submitted by stympanick a month agoDescription: Programs Installed In Non-Standard Windows LocationsWhat The Data Shows:Programs I...
2Votes
Find potential reverse shell or TTY abuse
Approved 6 Comments Submitted by gallen 02-12-2020Description:This query searches for socat or scripting connections to TTYs as non-root users. T...
1Vote
CVE-2019-18634: sudo 1.7.1 <= version < 1.8.26 vulnerable when pwfeedback set (query for RHEL/CENTOS)
Approved 1 Comment Submitted by gallen 02-11-2020Description: This query looks for vulnerable versions of SUDO on rpm-based systems that also have th...
0Votes
Firefox 72 Vulnerability
Under Review 1 Comment Submitted by stympanick 01-24-2020Source:https://techcrunch.com/2020/01/10/firefox-security-bug-zero-day/Description:This query l...
0Votes
macOS mail.app spawning reverse shells
Approved 1 Comment Submitted by stympanick 01-09-2020Source:https://holdmybeersecurity.com/2020/01/03/poc-mail-app-the-boomerang-of-reverse-shells-on-mac...
1Vote
Windows services associated with most common remote control tools
Approved 3 Comments Submitted by jaydelcic 01-08-2020Description: This query looks for service names associated with the most common remote control tools...
1Vote
DB_Rep Size query
Approved 3 Comments Submitted by ryan_manni 01-06-2020Description: This query looks for the DB_rep file for CB Defense and pulls back the sizeWhat Th...
0Votes
Welcome to the Query Exchange
The Query Exchange is a place for everyone to take, learn, and share queries. Since Live Query is built off of the open source project Osquery, we want to encourage the spirit of community participation. As a collective group we can help each other be more efficient, more innovative, and more secure. All query submissions default to the “Under Review” stage when initially posted. Once submissions are vetted by Carbon Black, submissions will be updated to reflect “Approved.”
Query Use Cases
IT Hygiene: Provides a list of SQL queries that we recommend you run in Live Query to help with your organization's IT Hygiene.
Compliance: Provides a list of SQL queries that we recommend you run in Live Query to help manage Compliance across your organization.
Incident Response: Provides a list of SQL queries that we recommend you run in Live Query to help during an investigation.
Vulnerability Management: Provides a list of SQL queries that we recommend you run in Live Query to help with Vulnerability Management in your organization.
Help Desk Operations: Provides a list of SQL queries that we recommend you run in Live Query to help with Help Desk items.
Container Support: Provides a list of SQL queries that we recommend you run in Live Query to help with your organization's Container Support.
