QUERIES
Firefox 72 Vulnerability
Under Review 1 Comment Submitted by stympanick FridaySource:https://techcrunch.com/2020/01/10/firefox-security-bug-zero-day/Description:This query l...
0Votes
CVE-2019-1388 Detection
Under Review 1 Comment Submitted by mshahnawaz 2 weeks agoDescription: Privilege escalation in UAC due to hyperlink in Certificate - CVE-2019-1388What The Dat...
Community Incident Response Vulnerability Management Windows
0Votes
macOS mail.app spawning reverse shells
Approved 1 Comment Submitted by stympanick 3 weeks agoSource:https://holdmybeersecurity.com/2020/01/03/poc-mail-app-the-boomerang-of-reverse-shells-on-mac...
1Vote
Windows services associated with most common remote control tools
Approved 3 Comments Submitted by jaydelcic 3 weeks agoDescription: This query looks for service names associated with the most common remote control tools...
0Votes
DB_Rep Size query
Approved 3 Comments Submitted by ryan_manni 3 weeks agoDescription: This query looks for the DB_rep file for CB Defense and pulls back the sizeWhat Th...
0Votes
Check if auth using blank password is possible via Network
Approved 1 Comment Submitted by jaydelcic 12-22-2019Description: Checks for the value of 'LimitBlankPasswordUse' registry key. Recommendation is for the...
0Votes
HKEY_USERS (NTUSER.DAT) Registry Query
Approved 6 Comments Submitted by creams 12-13-2019Description:Looking for any PsExec Registry keys in an organization.What The Data Shows:We're t...
2Votes
macOS LaunchDaemon's that keep running
Approved 1 Comment Submitted by stympanick 10-31-2019Description:macOS LaunchDaemon'sWhat The Data Shows: Find every macOS LaunchDaemon that launche...
4Votes
All versions of Powershell Core
Approved 3 Comments Submitted by ksnihur 10-09-2019Description: This query looks for all versions (6,7, preview versions) of PowerShell Core installed ...
1Vote
Libssh vulnerability - CVE-2018-10933
Approved 1 Comment Submitted by ksnihur 09-20-2019Description: Query checks for the libssh vulnerability where clients create channels before authenti...
3Votes
Welcome to the Query Exchange
The Query Exchange is a place for everyone to take, learn, and share queries. Since Live Query is built off of the open source project Osquery, we want to encourage the spirit of community participation. As a collective group we can help each other be more efficient, more innovative, and more secure. All query submissions default to the “Under Review” stage when initially posted. Once submissions are vetted by Carbon Black, submissions will be updated to reflect “Approved.”
Query Use Cases
IT Hygiene: Provides a list of SQL queries that we recommend you run in Live Query to help with your organization's IT Hygiene.
Compliance: Provides a list of SQL queries that we recommend you run in Live Query to help manage Compliance across your organization.
Incident Response: Provides a list of SQL queries that we recommend you run in Live Query to help during an investigation.
Vulnerability Management: Provides a list of SQL queries that we recommend you run in Live Query to help with Vulnerability Management in your organization.
Help Desk Operations: Provides a list of SQL queries that we recommend you run in Live Query to help with Help Desk items.
Container Support: Provides a list of SQL queries that we recommend you run in Live Query to help with your organization's Container Support.
