Live Discovery Query to find filenames. Would support wildcards in path and filename
I would like to see Sophos provide a Live Discovery Query that would allow you to search for files by filename and path. You would need to be able to specify wildcards in both the filename and path.
When the search returns the data it would be helpful if it would show the hash for the file and other file information (size, creation date, etc.).
I receive alerts from MS-ISAC, FBI and Cal ISAC. They often report file names or file extensions as IOCs and expect you to search for any occurrence to determine if the system has been affected.
I understand that searching every filename on a system for a match can be costly in resources across many systems. The resource usage could be kept down by using the file paths to limit the search and also by allowing a list of file paths with file names to be provided upfront. That way the query could be run once for all of the IOCs, rather than run for each IOC individually.
This works great for me.
SELECT path, size, btime FROM file
WHERE directory LIKE 'C:\users\%\desktop%%' AND filename LIKE '%%.exe';
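The request above asks for one query that checks a list of IOC path/filename patterns in a single run and returns the hash plus size and creation date; the reply shows the directory/filename clause that does the matching. The query below is an added example, not code from the thread or from Sophos, extending that clause into a full osquery-style Live Discovery query. It assumes osquery's file and hash tables (directory, filename, size, btime, mtime, sha256 columns), and the three IOC patterns are constructed placeholders.

```sql
-- Added example (not from the thread): several IOC patterns checked in one
-- run, with file metadata and SHA-256 from osquery's hash table.
-- In the file table's LIKE, % matches one path component and %% recurses.
-- The directory/filename values below are constructed placeholders.
SELECT f.path, f.size, datetime(f.btime, 'unixepoch') AS created,
       datetime(f.mtime, 'unixepoch') AS modified, h.sha256
FROM file f JOIN hash h ON h.path = f.path
WHERE f.directory LIKE 'C:\Users\%\Desktop%%' AND f.filename LIKE '%.exe'
UNION ALL
SELECT f.path, f.size, datetime(f.btime, 'unixepoch'),
       datetime(f.mtime, 'unixepoch'), h.sha256
FROM file f JOIN hash h ON h.path = f.path
WHERE f.directory LIKE 'C:\ProgramData%%' AND f.filename = 'example_ioc.dll'
UNION ALL
SELECT f.path, f.size, datetime(f.btime, 'unixepoch'),
       datetime(f.mtime, 'unixepoch'), h.sha256
FROM file f JOIN hash h ON h.path = f.path
WHERE f.directory LIKE 'C:\Windows\Temp%%' AND f.filename LIKE '%.hta';
```

Each UNION ALL branch is one IOC from the advisory list, so the whole list is evaluated in a single pass per endpoint, and the sha256 column lets the result be compared against any hash the advisory also supplied.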