New CB LiveOps Release Brings Recommended Queries to Users

Type carbonblack
Reporter Pinal Desai
Modified 2019-05-14T21:32:02


Security & IT teams often have no reliable way to check on the current status of their endpoints across their enterprise. This forces these teams to piece together information from multiple management consoles in order to get answers about the health of their entire fleet. Even when they do have access to a real-time endpoint query tool, it can be difficult for administrators to know what types of data they can actually get from those solutions, leading to an inability to make informed remediation decisions and unnecessary spending on infrastructure maintenance.

Unlike endpoint detection & response (EDR) solutions, which collect and store historical endpoint activity, CB LiveOps is an endpoint query & remediation solution that makes it quick and easy for teams to reach out directly to their endpoints and pull back data about the current status of those devices. Along with helping teams speed up incident response investigations, CB LiveOps also makes it easy for security & IT teams to proactively gather data to confirm patch levels, inventory software licenses, check for unwanted browser extensions, prove compliance, and more.

The latest release of CB LiveOps provides users with an in-product catalog of recommended queries, giving them powerful pre-built queries that help shine a light on potential gaps that exist in their environment. Read on to find out all about the new functionality included in the April 2019 release of CB LiveOps.

Recommended Queries Catalog

Users now have the ability to access and run recommended queries, making it easy for them to leverage the security expertise of Carbon Black’s Threat Analysis Unit (TAU) team. This query catalog includes completely pre-built live queries for both Windows and macOS devices.

The query builder in CB LiveOps has always made it easy for users who aren’t familiar with the SQL language to quickly build out and ship queries. This new feature takes that approach a step further by making it effortless for security & IT teams to get valuable insights about the current status of all the endpoints in their environment.

The queries included in this dynamic in-product catalog are tested by experts and categorized into four groups:

  • Compliance
  • IT Hygiene
  • Threat Hunting
  • Vulnerability Management

Each recommended query also includes a brief summary that explains the value of the query or describes what the expected results will look like. As new threat research emerges, the TAU team can immediately publish newly developed queries in the product, allowing users to quickly assess and reduce their exposure to new threats.

Device View

The new Device View makes it easier for users to see the results of a query from a device-centric perspective. This view is particularly helpful for queries that return multiple results from each device being queried.

This new view gives users useful information about the status of their query, including which devices have already responded, which devices matched the query criteria, metrics on memory and CPU usage for each device, and the response time for each device. For devices that have multiple results, users can click the number in the Results column to see details about all results from that specific endpoint.

Users can easily pivot back and forth from the Results view to the Device view in order to find the specific details that are most important at any given time.

Simplified Results Management

Users can now search the query history to easily find results from queries run in the past. In addition to searching across all stored results from the Query History section, users can also open a specific query and search within the results of that individual query.

Users can now also choose to delete past query results that are no longer needed in the console. This helps to eliminate any clutter and reduces concerns about sensitive query results being accessible longer than needed.

Want to learn more about how you can extend your team’s visibility into the current status of all your endpoints? Click here to view an on-demand demo of CB LiveOps.


The post New CB LiveOps Release Brings Recommended Queries to Users appeared first on Carbon Black.