QUERIES
Test
Under Review 8 Comments Submitted by andross561 42m agoDescription: What does this query look for?What The Data Shows: What value does this provide, why wo...
0Votes
Check Devices for BlueKeep Vulnerability
Under Review 0 Comments Submitted by mjomha FridayDescription: Query looks for Devices that are vulnerable to the BlueKeep Windows vulnerability (CVE-...
Community Incident Response Vulnerability Management Windows
0Votes
Find Active Wireless Interfaces
Approved 4 Comments Submitted by ksnihur MondayDescription: Looks for active wireless interfacesWhat The Data Shows:Shows all active wireless ...
0Votes
Find specific installed application and version
Approved 1 Comment Submitted by ksnihur MondayDescription: This query can be customized to specify the application to be queried. (replace the VLC...
0Votes
Rogue DHCP Servers
Approved 1 Comment Submitted by ksnihur MondayDescription: This query looks for DHCP servers that are not in a permitted list.What The Data S...
0Votes
Executable in Suspicious Locations
Approved 1 Comment Submitted by ksnihur MondayDescription: This query looks for suspicious executables which are in unusual locations.What Th...
0Votes
Stealthier persistence using new services purposely vulnerable to path interception
Approved 1 Comment Submitted by stympanick 2 weeks agoDescription:Identify all services running on your machinesWhat The Data Shows: Unquoted Service...
0Votes
Check if LLMNR is enabled
Approved 3 Comments Submitted by ksnihur 08-12-2019Description: This query looks to see if LLMNR is enabled. Part 2 of 2 for stopping Responder.What Th...
0Votes
Check if NetBios is Enabled - Stopping Responder
Approved 3 Comments Submitted by ksnihur 08-12-2019Description: This query looks to see if NetBioS is enabled. Part 1 of 2 for stopping Responder.What ...
0Votes
Status of Windows Defender Firewall
Approved 1 Comment Submitted by ksnihur 08-12-2019Description: This query looks to see the status of the windows defender firewall status. Windows def...
1Vote
Welcome to the Query Exchange
The Query Exchange is a place for everyone to take, learn, and share queries. Since Live Query is built off of the open source project Osquery, we want to encourage the spirit of community participation. As a collective group we can help each other be more efficient, more innovative, and more secure. All query submissions default to the “Under Review” stage when initially posted. Once submissions are vetted by Carbon Black, submissions will be updated to reflect “Approved.”
Monthly Query Winner
-
New Contributor III
Read More
Query Use Cases
IT Hygiene: Provides a list of SQL queries that we recommend you run in Live Query to help with your organization's IT Hygiene.
Compliance: Provides a list of SQL queries that we recommend you run in Live Query to help manage Compliance across your organization.
Incident Response: Provides a list of SQL queries that we recommend you run in Live Query to help during an investigation.
Vulnerability Management: Provides a list of SQL queries that we recommend you run in Live Query to help with Vulnerability Management in your organization.
Help Desk Operations: Provides a list of SQL queries that we recommend you run in Live Query to help with Help Desk items.
Container Support: Provides a list of SQL queries that we recommend you run in Live Query to help with your organization's Container Support.
