Carbon Black Cloud: When testing a policy rule with Test Rule, an error is returned "your query is invalid."
search cancel

Carbon Black Cloud: When testing a policy rule with Test Rule, an error is returned "your query is invalid."

book

Article ID: 288226

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

When testing a policy rule, user types in the criteria (ie path), and directly clicks on "Test Rule" without saving and confirming, this pop up error appears: 
"Test Rule: not a valid query."

Environment

  • Carbon Black Cloud Backend: 1.x
  • Carbon Black Cloud Sensors:  All versions

Cause

The rule was not first saved and confirmed.

Resolution

One can save and test a policy rule by creating a new test policy, and saving the rule there to avoid testing in a production policy.
Powered by Wolken Software