Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Audit and Remediation: How To Stop a Running Query

Audit and Remediation: How To Stop a Running Query

Environment

  • Carbon Black Cloud Console: .38 Release and higher
  • Carbon Black Cloud Sensor: Version 3.3 and higher
    • Audit and Remediation
  • Microsoft Windows: All Supported Versions

Objective

Stop a running query in Live Query

Resolution

  1. Log in to Carbon Black Cloud console and navigate to the "Live Query" page
  2. Under "Query History", select a query that has a status of " in progress" that you would like to stop running
  3. In the live query details page, click "Stop Query" in the top right corner
  4. In the stop Query confirmation box, click "Stop Query"
  5. A green confirmation dialog will show, indicating that the request to stop the query has been submitted
  6. Confirm the query has been stopped by going to the Live Query page, and look for the status next to the query. The status should read "Stopped".

Additional Notes

  • Any data already collected by the query at the time it stopped will still be visible in the live query details page.
  • Before a query has begun running on the endpoint (It's queued up); the "stop" command informs the endpoint not to even begin running it. However, if it's already begun on an endpoint it will not be terminated. There is a code change planned to implement a terminate request (DSEN-8537).

Related Content


Was this article helpful? Yes No
100% helpful (1/1)
Article Information
Author:
Creation Date:
‎09-11-2018
Views:
914
Contributors