Audit and Remediation: What Protections are in Place to Prevent Unauthorized Use of LiveQuery?

Article ID: 290206

Updated On:

Products

Carbon Black Cloud Audit and Remediation (formerly Cb Live Ops)

Issue/Introduction

What controls and protections are offered to prevent unauthorized access to Live Query?

Environment

  • Audit and Remediation: All Supported Versions
  • Microsoft Windows: All Supported Versions

Resolution

  • Existing access controls for a Carbon Black Cloud Organization will apply to Audit and Remediation Features.

  • Only Users with the correct permissions can see and use the Live Query Features.

Additional Information

  • CSR Roles cannot see the Live Query Features in an organization; however, they may have access to turn the Live Query feature on or off in an Organization.

  • Existing 2FA or SAML setups will be used as before.

  • Tamper protections are in place to prevent unauthorized deletion of the sensor components. However, by design, osqueryi can still be run on the endpoint.