Query Exchange

QUERIES

All versions of Powershell Core

Under Review 2 Comments Submitted by ksnihur Wednesday

Description: This query looks for all versions (6, 7, preview versions) of PowerShell Core installed ...

Community Compliance IT Hygiene Linux Windows

1 Vote

Libssh vulnerability - CVE-2018-10933

Approved 1 Comment Submitted by ksnihur 3 weeks ago

Description: Query checks for the libssh vulnerability where clients create channels before authenti...

Community Linux Vulnerability Management

3 Votes

Check Devices for BlueKeep Vulnerability

Approved 1 Comment Submitted by mjomha 09-13-2019

Description: Query looks for Devices that are vulnerable to the BlueKeep Windows vulnerability (CVE-...

Community Incident Response Vulnerability Management Windows

1 Vote

Find Active Wireless Interfaces

Approved 7 Comments Submitted by ksnihur 09-09-2019

Description: Looks for active wireless interfaces
What The Data Shows: Shows all active wireless ...

Community Incident Response Windows

0 Votes

Find specific installed application and version

Approved 1 Comment Submitted by ksnihur 09-09-2019

Description: This query can be customized to specify the application to be queried. (replace the VLC...

Community IT Hygiene Vulnerability Management Windows

0 Votes

Rogue DHCP Servers

Approved 1 Comment Submitted by ksnihur 09-09-2019

Description: This query looks for DHCP servers that are not in a permitted list.
What The Data S...

Community Incident Response IT Hygiene Windows

0 Votes

Executable in Suspicious Locations

Approved 1 Comment Submitted by ksnihur 09-09-2019

Description: This query looks for suspicious executables which are in unusual locations.
What Th...

Community Incident Response IT Hygiene Windows

0 Votes

Stealthier persistence using new services purposely vulnerable to path interception

Approved 1 Comment Submitted by stympanick 09-05-2019

Description: Identify all services running on your machines
What The Data Shows: Unquoted Service...

Carbon Black Vulnerability Management Windows

0 Votes

Check if LLMNR is enabled

Approved 3 Comments Submitted by ksnihur 08-12-2019

Description: This query looks to see if LLMNR is enabled. Part 2 of 2 for stopping Responder. What Th...

Community IT Hygiene Windows

0 Votes

Check if NetBios is Enabled - Stopping Responder

Approved 3 Comments Submitted by ksnihur 08-12-2019

Description: This query looks to see if NetBIOS is enabled. Part 1 of 2 for stopping Responder. What ...

Community IT Hygiene Windows

0 Votes

Welcome to the Query Exchange

The Query Exchange is a place for everyone to take, learn, and share queries. Since Live Query is built on the open source project osquery, we want to encourage the spirit of community participation. As a collective group we can help each other be more efficient, more innovative, and more secure. All query submissions default to the “Under Review” stage when initially posted. Once submissions are vetted by Carbon Black, they will be updated to reflect “Approved.”

Query Use Cases

IT Hygiene: Provides a list of SQL queries that we recommend you run in Live Query to help with your organization's IT Hygiene.

Compliance: Provides a list of SQL queries that we recommend you run in Live Query to help manage Compliance across your organization.

Incident Response: Provides a list of SQL queries that we recommend you run in Live Query to help during an investigation.

Vulnerability Management: Provides a list of SQL queries that we recommend you run in Live Query to help with Vulnerability Management in your organization.

Help Desk Operations: Provides a list of SQL queries that we recommend you run in Live Query to help with Help Desk items.

Container Support: Provides a list of SQL queries that we recommend you run in Live Query to help with your organization's Container Support.