Windows Disk Usage query

This article includes a query to fetch Windows disk usage:


Query
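SELECT DISTINCT
                upt_hostname,
                upt_time,
                device_id,
                size,
                free_space,
                -- used space on the drive: total size minus free space
                size - free_space AS userspace,
                -- used space as a percentage of total size
                cast(size - free_space AS decimal(20, 2)) / cast(size AS decimal(20, 0))*100 AS PERCENT
FROM
            logical_drives
WHERE
            -- skip drives reporting zero size, which would cause a division by zero
            size > 0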



