EDR: Live Query fails with 404
search cancel

EDR: Live Query fails with 404

book

Article ID: 286307

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response) Carbon Black Hosted EDR (formerly Cb Response Cloud)

Issue/Introduction

  • Query returns an error in the UI
Error: Failed to run query. Request failed with status code 404

Environment

  • EDR Server: 7.2 
  • EDR Sensor: 7.0.1 and lower
  • Microsoft Windows: All Supported Versions
  • OSX Sensor:  All versions

Cause

Query is being ran against sensors that do not support Live Query

Resolution

  • Upgrade Windows sensors to 7.1 or higher
  • Update query to run against sensors on Windows version 7.1

Additional Information

  • EDR Version 7.6.0 notes "Live Query is released as beta, and is not fully-featured at this time."
  • Live Query beta is released with Carbon Black EDR 7.2.
  • VMware Carbon Black welcomes all customer feedback on this feature as we continue to develop it for general availability.
  • Requires the Carbon Black EDR Windows sensor 7.1.0 or higher.
  • Live Query is based on osquery, which is an open source project that uses a SQLite interface.
Powered by Wolken Software