Audit and Remediation: How long does a query take to run?
Article ID: 290249
Updated On:
Products
Carbon Black Cloud Audit and Remediation (formerly Cb Live Ops)
Issue/Introduction
How long does a query take to run after it's been executed?
Environment
- Carbon Black Cloud Console: 0.38 Release and higher
- Audit and Remediation
- Carbon Black Cloud Linux Sensor: 2.3.x.x and Higher
- Carbon Black Cloud macOS Sensor: 3.3.x.x and Higher
- Carbon Black Cloud Windows Sensor: 3.3.x.x and Higher
Resolution
The time a query takes to return results is variable depending on several factors. It could take a few seconds, to several minutes or more. This is expected behavior.
Additional Information
- All communication between the Sensor and Console is initiated by the Sensor
- All actions taken in the Console are queued as hints for Sensors to pick up and act upon during regular check-in intervals
- No action taken in the Console is a command or sent in real-time
- Live Query result response speeds can depend on several factors:
- Other events on the sensor may have send priority above returning Live Query results.
- Queries that are compute intensive ( such as selecting all hashes from a computer, selecting all files from the C drive) will take a long time to return results in most cases.
- Queries will take longer during sensor busy periods such as a new installation, or the sensor just starting up.
- A one-time query will run for up to 7 days or until complete.
- A scheduled query will run until the next scheduled query or until complete.
- A query will be complete when the number of responses is equal to the amount of sensors that had checked in within 7 days of the query starting.
Feedback
Yes
No
Powered by
