How to find the commands fired via Live Response from EDR Backend?

• EDR(Formerly Carbon Black Response) Server: All Supported Versions

The "/var/cb/data/liveresponse" directory stores “get” and “put” files. It also contains the output of all executed commands. For example, if you perform a process listing, the list goes into this directory in JSON format. If you download a file (for example, using the archive command), it appears in this directory (under /tmp) and on the host that is running the Carbon Black EDR browser.
 

Example: sensordiag.exe -type CDE
[root]# cat command.json
{"id": 11, "session_id": 1, "sensor_id": 3, "status": "complete", "name": "create process", "username": "cbadmin", "create_time": 1641449425.154302, "object": "C:\\WINDOWS\\carbonblack\\sensordiag.exe -type CDE", "completion": 1641449719.7449284, "result_code": 0, "result_type": "WinHresult", "result_desc": "", "return_code": 0, "wait": true, "pid": 6560, "output_file": "C:\\WINDOWS\\CarbonBlack\\cblr.1.7606.tmp"}