Audit and Remediation: How to Free-Form Query Endpoints
Article ID: 289756
Products
Carbon Black Cloud Audit and Remediation (formerly Cb Live Ops)
Issue/Introduction
Run a custom query using Audit and Remediation
Environment
Carbon Black Cloud Console: 0.38 Release and higher
Audit and Remediation
Carbon Black Cloud Linux Sensor: 2.3.x.x and Higher
Carbon Black Cloud macOS Sensor: 3.3.x.x and Higher
Carbon Black Cloud Windows Sensor: 3.3.x.x and Higher
Resolution
Go to Live Query > New Query
Click the SQL Query tab
Enter a name for the query for reference (required)
Enter the desired query in the SQL box
Select specific Policy(ies) or Endpoint(s) as desired
Click Run
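An added example (not part of the original article) of a query that could be entered in the SQL box. It assumes the osquery tables `listening_ports` and `processes` appear in the table schema linked from the SQL Query tab; the choice of columns and filters is illustrative.

```sql
-- Added example: inventory of processes listening on non-loopback addresses.
-- Assumes the osquery tables listening_ports and processes are available.
SELECT
  p.name,          -- process name
  p.path,          -- path to the executable
  p.cmdline,       -- full command line
  p.on_disk,       -- 0 means the executable is no longer present on disk
  lp.address,      -- bound address
  lp.port,         -- bound port
  lp.protocol      -- IP protocol number: 6 = TCP, 17 = UDP
FROM listening_ports AS lp
JOIN processes AS p USING (pid)
WHERE lp.port != 0                               -- skip sockets with no bound port
  AND lp.address NOT IN ('127.0.0.1', '::1')     -- skip loopback-only listeners
ORDER BY lp.port;
```

Rows where `on_disk` is 0 or where the port is unexpected for the endpoint's role are the ones worth reviewing first.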
Additional Information
Results can take some time to be returned. This is expected behavior. If you need assistance with SQL syntax, or table schema, please refer to the documentation links for each in the "SQL Query" tab.
A summary email indicating that the results are available in the console can be sent by selecting the "Email me when complete" option when creating the query.
On submitting a query, either a green (success) status message or a red (failure) message will be displayed.
For failure messages, please note the message, adjust the query, and try again.
For success messages, please continue to monitor the Live Query console for results to be returned, or look for an email to be sent when the query completes, then come back to the console to view results.