Cb LiveQuery : How to Query Endpoints Using Query Builder

Environment

  • Cb Live Query: Current Version
  • Cb Defense Web Console: .38 Release and higher
  • Cb Defense Sensor: Version 3.3 and higher
  • Microsoft Windows: All Supported Versions

Objective

Use the Query Builder in LiveQuery to query endpoints.

Resolution

  1. Log in to PSC and navigate to the "Live Query" page
  2. Under "New Query", choose the "Query Builder" tab
  3. Select the table you wish to query from the "Select a table" list
  4. Under "Select a field", select one of the following options:
    • Select "All Fields"
    • Select a specific field, and enter a value you wish to search for. For additional fields, click the "+" button
  5. From the "Select a policy" dropdown list, choose a policy containing endpoints you want to run the query on
  6. Give your query a name in the "Query name" box
  7. If you wish to have an email sent when the query completes, check "Email me when complete"
  8. Click "Run". You will get either a green (success) status message or a red (failure) message
    • For failure messages, please note the message, adjust your query, and try again
    • For success messages, continue to monitor the Live Query console for results to be returned. If you checked the email option, wait for the email sent when the query completes, then come back to the console to view the results

Additional Notes

Depending on what the query does, results can take some time to be returned. This is expected behavior. If you need assistance with SQL syntax, or table schema, please refer to the documentation links for each in the "SQL Query" tab.

Article Information

Creation Date: 09-11-2018