Environment
- Carbon Black Cloud Console: 0.38 Release and higher
- Carbon Black Cloud Linux Sensor: 2.3.x.x and Higher
- Carbon Black Cloud macOS Sensor: 3.3.x.x and Higher
- Carbon Black Cloud Windows Sensor: 3.3.x.x and Higher
Objective
Run a custom query using Audit and Remediation
Resolution
- Go to Live Query > New Query
- Click SQL Query tab
- Enter name of query for reference (required)
- Enter desired query in SQL box
- Select specific Policy(ies) or Endpoint(s) as desired
- Click Run
Additional Notes
Results can take some time to be returned. This is expected behavior. If you need assistance with SQL syntax, or table schema, please refer to the documentation links for each in the "SQL Query" tab.
- A summary email can be sent, indicating the results are available in the console by selecting the "Email me when complete" option when creating the query
- On submitting a query, either a green( success) status message, or a red( failure) message will be displayed
- For failure messages, please note the message, adjust the query, and try again
- For success messages, please continue to monitor the Live Query console for results to be returned, or look for an email to be sent when the query completes, then come back to the console to view results
Related Content