Description: This query gives you the started processes, also with username. Tested on Windows 7 Wi...
Description: This query leverages the new feature in Audit and Remediation to be able to query the W...
Carbon Black Compliance Help Desk Operations IT Hygiene Windows
Description: Finding specific indicators of compromise (IOCs) in memory or on disk. What The Data...
Description: Threat actors disable AV to evade detection. The proposed query probes the state of reg...
Source: https://www.uptycs.com/blog/osquery-tutorial-how-to-check-disk-encryption-on-mac-linux-and-wi...
Description: This query looks for listening docker daemon TCP sockets. These sockets are vulnerable ...
Carbon Black Compliance IT Hygiene Linux Vulnerability Management
Description: This query discovers the Intel Management Engine (IME) version, and cross-references it...
Carbon Black Compliance IT Hygiene Vulnerability Management Windows
Description: Lists endpoints that are either vulnerable or not vulnerable to the SMBleed vulnerabilit...
Description: This query looks for versions of the salt-master package vulnerable to CVE-2020-11651 an...
Description: This query looks for the default named pipes used by the most common C2/LM tools. What T...
The Query Exchange is a place for everyone to take, learn, and share queries. Since Live Query is built off of the open source project Osquery, we want to encourage the spirit of community participation. As a collective group we can help each other be more efficient, more innovative, and more secure. All query submissions default to the “Under Review” stage when initially posted. Once submissions are vetted by Carbon Black, submissions will be updated to reflect “Approved.”
IT Hygiene: Provides a list of SQL queries that we recommend you run in Live Query to help with your organization's IT Hygiene.
Compliance: Provides a list of SQL queries that we recommend you run in Live Query to help manage Compliance across your organization.
Incident Response: Provides a list of SQL queries that we recommend you run in Live Query to help during an investigation.
Vulnerability Management: Provides a list of SQL queries that we recommend you run in Live Query to help with Vulnerability Management in your organization.
Help Desk Operations: Provides a list of SQL queries that we recommend you run in Live Query to help with Help Desk items.
Container Support: Provides a list of SQL queries that we recommend you run in Live Query to help with your organization's Container Support.