Environment
- Audit and Remediation: All Supported Versions
- Microsoft Windows: All Supported Versions
Question
What controls and protections are offered to prevent unauthorized access to Live Query?
Answer
Additional Notes
-
CSR Roles cannot see the Live Query Features in a organization, however they may have access to turn on of off the Live Query feature in an Organization.
-
Existing 2FA or SAML setups will be used as before.
-
Tamper protections are in place to prevent unauthorized deletion of the sensor components. However, by design, osqueryi can still be run on the endpoint.
Related Content