Other versions

Reference: Example questions

This reference provides examples to help you understand the kinds of questions you can ask.

Example starter questions

This section gives examples of common questions.

How can I get a list of running services or be able to single out a specific endpoint?

Get Running Service from all machines

Get Service Details from all machines

Get Running Service from all machines with Computer Name containing "hostname"

How can I get a list of running processes or be able to single out a specific endpoint?

Get Running Processes from all machines

Get Running Processes from machines where Computer Name contains "hostname"

Get Running Processes and Computer Name contains "hostname" from all machines

How can I display Registry keys and values?

Get Registry Value Data[registry key path, value-name] from all machines

Get Registry Value Data[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, CommonFilesDir] from all machines

Get Registry Key Value Exists[registry key path, value-name] from all machines

Get Registry Key Exists[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, CommonFilesDir] from all machines

How can I get a list of open ports?

Get Computer Name and Open Port from all machines

Get Open Port from machines where Computer Name contains "hostname"

Get Open Port from all machines with Computer Name containing "hostname"

How can I get user authentication information?

Get Logged In Users contains "username" from all machines

Get Logged In Users containing "BABOON08D9ANGUI\Administrator" from all machines

Get Logged In Users and Computer Name from all machines

Get Local User Login Dates from all machines

Get Logged In Users and Client Date from all machines

Get Last Logged In User and Client Date from all machines

Get Computer Name and Last Date of Local Administrator Login from all machines with Last Date of Local Administrator Login not containing "no results"

Get Local Administrators from all machines

How can I see the current logged on user?

Get User Sessions from all machines

How can I see when users last logged in?

Get local User Login Dates from all machines

How can I get the Service Account Logons?

Get Service Login Names from all machines

How can I get certificate information?

Get Machine Certificates[authroot] from all machines

Get Machine Certificates[disallowed] from all machines

Get Machine Certificates[root] from all machines

For Intermediate Certs:

Get Machine Certificates[CA] from all machines (Intermediate Certs)

How can I detect all running Oracle instances within our Linux environment?

Get computer name and running processes that contains "ora_pmon" from machines with running processes contains "ora_pmon"

How can I get asset information?

Get Cpu and Cpu Details and Chassis and Architecture and Serial Number and Computer Name and Bios and IP Address and Mac Address and serial number from all machines

Example dashboard questions

Reviewing the predefined list of saved questions included in dashboards and categories is a good way to learn how to use questions to get meaningful results. A few of these predefined questions are repeated here to illustrate this.

Security > Data Leakage

Get Computer Name and Non-Approved Established Connections from all machines with Non-Approved Established Connections containing ":"

Security > Wireless Network Security

Get Wireless Networks Visible from all machines

Get Hosted Wireless Ad-Hoc Networks from all machines with Hosted Wireless Ad-Hoc Networks containing "started"

Get Unencrypted Wireless Networks from all machines with Unencrypted Wireless Networks containing "open"

Get Wireless Networks Using WEP from all machines with Wireless Networks Using WEP containing "wep"

Security > Proactive Security

Get Firewall Status containing "disabled" from all machines with Firewall Status containing "disabled"

Get Computer Name and Open Share Details from all machines with Open Share Details not containing "No shares"

Security > Workstation USB Write Protection

Get USB device details from all machines

Get Computer Name and Username from all machines with ( Operating System not containing "server" and USB Write Protected containing "False" )

Get Computer Name and Username from all machines with ( Operating System not containing "server" and USB Write Protected containing "True" )

Last updated: 6/29/2018 1:18 PM | Feedback