
Query Exchange

QUERIES

Check Devices for BlueKeep Vulnerability

Under Review 0 Comments Submitted by mjomha Friday

Description: Query looks for Devices that are vulnerable to the BlueKeep Windows vulnerability (CVE-...

Community Incident Response Vulnerability Management Windows

1 Vote

Find Active Wireless Interfaces

Approved 5 Comments Submitted by ksnihur a week ago

Description: Looks for active wireless interfaces
What The Data Shows: Shows all active wireless ...

Community Incident Response Windows

0 Votes

Find specific installed application and version

Approved 1 Comment Submitted by ksnihur 2 weeks ago

Description: This query can be customized to specify the application to be queried. (replace the VLC...

Community IT Hygiene Vulnerability Management Windows

0 Votes

Rogue DHCP Servers

Approved 1 Comment Submitted by ksnihur 2 weeks ago

Description: This query looks for DHCP servers that are not in a permitted list.
What The Data S...

Community Incident Response IT Hygiene Windows

0 Votes

Executable in Suspicious Locations

Approved 1 Comment Submitted by ksnihur 2 weeks ago

Description: This query looks for suspicious executables which are in unusual locations.
What Th...

Community Incident Response IT Hygiene Windows

0 Votes

Stealthier persistence using new services purposely vulnerable to path interception

Approved 1 Comment Submitted by stympanick 2 weeks ago

Description: Identify all services running on your machines
What The Data Shows: Unquoted Service...

Carbon Black Vulnerability Management Windows

0 Votes

Check if LLMNR is enabled

Approved 3 Comments Submitted by ksnihur 08-12-2019

Description: This query looks to see if LLMNR is enabled. Part 2 of 2 for stopping Responder. What Th...

Community IT Hygiene Windows

0 Votes

Check if NetBios is Enabled - Stopping Responder

Approved 3 Comments Submitted by ksnihur 08-12-2019

Description: This query looks to see if NetBIOS is enabled. Part 1 of 2 for stopping Responder. What ...

Community IT Hygiene Windows

0 Votes

Status of Windows Defender Firewall

Approved 1 Comment Submitted by ksnihur 08-12-2019

Description: This query looks to see the status of the Windows Defender Firewall. Windows def...

Community IT Hygiene Windows

1 Vote

Search for password database files and private keys

Approved 6 Comments Submitted by ksnihur 08-10-2019

Description: This query shows filenames in Windows users' subfolders that contain private key files (...

Community IT Hygiene Windows

0 Votes

Welcome to the Query Exchange

The Query Exchange is a place for everyone to take, learn, and share queries. Since Live Query is built off of the open source project Osquery, we want to encourage the spirit of community participation. As a collective group we can help each other be more efficient, more innovative, and more secure. All query submissions default to the “Under Review” stage when initially posted. Once submissions are vetted by Carbon Black, submissions will be updated to reflect “Approved.”

Query Use Cases

IT Hygiene: Provides a list of SQL queries that we recommend you run in Live Query to help with your organization's IT Hygiene.

Compliance: Provides a list of SQL queries that we recommend you run in Live Query to help manage Compliance across your organization.

Incident Response: Provides a list of SQL queries that we recommend you run in Live Query to help during an investigation.

Vulnerability Management: Provides a list of SQL queries that we recommend you run in Live Query to help with Vulnerability Management in your organization.

Help Desk Operations: Provides a list of SQL queries that we recommend you run in Live Query to help with Help Desk items.

Container Support: Provides a list of SQL queries that we recommend you run in Live Query to help with your organization's Container Support.