
Query Exchange

QUERIES

Windows SMBv3 Client/Server Remote Code Execution Vulnerability (CVE-2020-0796)

Approved 1 Comment Submitted by gallen 2 weeks ago

Description: Discover SMB servers potentially vulnerable to CVE-2020-0796. Indicates vulnerability wh...

Carbon Black Vulnerability Management Windows

3 Votes

CVE-2020-0796 | Windows SMBv3 RCE

Approved 1 Comment Submitted by s-shimizu 2 weeks ago

Description: Query checks for CVE-2020-0796 Windows SMBv3 Client/Server Remote Code Execution Vulnerabi...

Community IT Hygiene Windows

3 Votes

Linux and macOS X login information

Under Review 1 Comment Submitted by stympanick a month ago

Description: Linux and macOS X login information
Source: https://medium.com/@zercurity/building-at...

Carbon Black Help Desk Operations Incident Response IT Hygiene Linux Mac

1 Vote

Programs Installed In Non-Standard Windows Locations

Under Review 1 Comment Submitted by stympanick a month ago

Description: Programs Installed In Non-Standard Windows Locations
What The Data Shows: Programs I...

Carbon Black Incident Response IT Hygiene Windows

2 Votes

Find potential reverse shell or TTY abuse

Approved 6 Comments Submitted by gallen 02-12-2020

Description: This query searches for socat or scripting connections to TTYs as non-root users. T...

Carbon Black Incident Response Linux

1 Vote

CVE-2019-18634: sudo 1.7.1 <= version < 1.8.26 vulnerable when pwfeedback set (query for RHEL/CENTOS)

Approved 1 Comment Submitted by gallen 02-11-2020

Description: This query looks for vulnerable versions of SUDO on rpm-based systems that also have th...

Carbon Black Linux Vulnerability Management

0 Votes

Firefox 72 Vulnerability

Under Review 1 Comment Submitted by stympanick 01-24-2020

Source: https://techcrunch.com/2020/01/10/firefox-security-bug-zero-day/
Description: This query l...

Carbon Black Vulnerability Management Windows

0 Votes

macOS mail.app spawning reverse shells

Approved 1 Comment Submitted by stympanick 01-09-2020

Source: https://holdmybeersecurity.com/2020/01/03/poc-mail-app-the-boomerang-of-reverse-shells-on-mac...

Carbon Black Incident Response Mac

1 Vote

Windows services associated with most common remote control tools

Approved 3 Comments Submitted by jaydelcic 01-08-2020

Description: This query looks for service names associated with the most common remote control tools...

Community Incident Response IT Hygiene Windows

1 Vote

DB_Rep Size query

Approved 3 Comments Submitted by ryan_manni 01-06-2020

Description: This query looks for the DB_rep file for CB Defense and pulls back the size.
What Th...

Community IT Hygiene Windows

0 Votes

Welcome to the Query Exchange

The Query Exchange is a place for everyone to take, learn, and share queries. Since Live Query is built on the open source project Osquery, we want to encourage the spirit of community participation. As a collective group we can help each other be more efficient, more innovative, and more secure. All query submissions default to the "Under Review" stage when initially posted. Once a submission has been vetted by Carbon Black, its status is updated to "Approved."

Query Use Cases

IT Hygiene: Provides a list of SQL queries that we recommend you run in Live Query to help with your organization's IT Hygiene.

Compliance: Provides a list of SQL queries that we recommend you run in Live Query to help manage Compliance across your organization.

Incident Response: Provides a list of SQL queries that we recommend you run in Live Query to help during an investigation.

Vulnerability Management: Provides a list of SQL queries that we recommend you run in Live Query to help with Vulnerability Management in your organization.

Help Desk Operations: Provides a list of SQL queries that we recommend you run in Live Query to help with Help Desk items.

Container Support: Provides a list of SQL queries that we recommend you run in Live Query to help with your organization's Container Support.