logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

EDR: Live Query fails with 404

EDR: Live Query fails with 404

Environment

  • EDR Server: 7.2 
  • EDR Sensor: 7.0.1 and lower
  • Microsoft Windows: All Supported Versions
  • OSX Sensor:  All versions

Symptoms

  • Query returns an error in the UI
Error: Failed to run query. Request failed with status code 404

Cause

Query is being ran against sensors that do not support Live Query

Resolution

  • Upgrade Windows sensors to 7.1 or higher
  • Update query to run against sensors on Windows version 7.1

Additional Notes

  • EDR Version 7.6.0 notes "Live Query is released as beta, and is not fully-featured at this time."
  • Live Query beta is released with Carbon Black EDR 7.2.
  • VMware Carbon Black welcomes all customer feedback on this feature as we continue to develop it for general availability.
  • Requires the Carbon Black EDR Windows sensor 7.1.0 or higher.
  • Live Query is based on osquery, which is an open source project that uses a SQLite interface.

Related Content


Labels (2)
Labels:
Was this article helpful? Yes No
No ratings
Article Information
Author:
CB_Support
Creation Date:
‎09-06-2020
Views:
2486
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.