Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

CB LiveQuery: What Do The Columns In The Device View Mean?

CB LiveQuery: What Do The Columns In The Device View Mean?

Environment

  • CB Defense Sensor: 3.3.x And Higher
  • CB Defense Web Console: All Versions
  • Microsoft Windows: All Supported Versions
  • Mac OSX: All Supported Versions
  • LiveQuery Feature Enabled

Question

When using the LiveQuery feature, what do the columns in the Device View mean?

Answer

The table below contains the column definitions, here is a screenshot of the device view from within the console for reference:

Device_View
 
ColumnDefinition
DeviceThe name of the endpoint that responded to the query
TimeTimestamp for when the query returned to the Carbon Black console
ResultsThe number of results which matched the query question
MemoryThe maximum amount of memory the query used on the device during query runtime
Response TimeThe amount of time it took to run the query on the device
CPU UsageThe average amount of CPU the query used on the device during query runtime. This is also an average over all CPUs when multiple cores are present.

Additional Notes

  • Our new Device View inside the query results page reveals data regarding the impact of running the query on the selected devices. We are surfacing this data so you and your team can use the information to craft your queries appropriately.
  • Please keep in mind the Memory and CPU stats are peak usage, and that if the CPU, or individual cores, are idle during the query then it can spike to near 100%.
  • If the Response Time is more than five minutes, it is recommended that the query should be rewritten, or run during a time frame when the device will not be negatively impacted.

Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎09-09-2020
Views:
686
Contributors