Live Query functionality allows users to run real-time queries against endpoints to gather information for security analysis and IT hygiene purposes.
Live Query Execution
To execute a Live Query, follow these steps:
- Click ‘Live Query’ option in the left menu. The Live Query Page appears.
Note: Users can also access the Live Query feature directly from the Alert Page.
- On the Live Query Page, select the desired platform from the Platform list. This selection determines the target platform for running the query.
- Select the table from the list.
Note: There are over 100 suggested tables to choose from. See https://www.osquery.io/schema/5.6.0 for further reference and information.
- Select the host from the list. This is the endpoint on which you want to run the query.
- The query will be displayed in the designated box on the page. Review it to ensure it reflects your intended query, then click Run Query. Within 30 seconds, the result of the query will appear on the screen. If the query cannot be resolved within that time frame, an error message will be displayed instead.
- If desired, you can export the query result by using the "Export as XLS" button.
Additionally, you can utilize the Search feature to find a specific parameter or information within the Live Query interface.
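As an added illustration (not part of the product documentation), the following is the kind of query a Live Query run might carry: it lists processes listening on TCP sockets bound to non-loopback addresses, a common IT-hygiene check. Column names follow the osquery schema linked above (tables listening_ports and processes, which exist on Windows, Linux and macOS); it reads only in-memory tables, so it completes well within the 30-second execution limit.

```sql
-- Added example, not from the product or the osquery project.
-- Lists processes that accept TCP connections on non-loopback addresses,
-- joining the osquery listening_ports and processes tables by pid.
SELECT
  p.pid,
  p.name,
  p.path,
  p.cmdline,
  p.uid,
  lp.address,
  lp.port
FROM listening_ports AS lp
JOIN processes AS p ON p.pid = lp.pid
WHERE lp.protocol = 6                         -- 6 = TCP, 17 = UDP
  AND lp.port != 0                            -- skip unbound entries
  AND lp.address NOT IN ('127.0.0.1', '::1')  -- keep externally reachable listeners
ORDER BY lp.port;
```

Queries that walk the filesystem (for example broad globs against the file or hash tables) can exceed the 30-second limit and return the error described above; restrict such queries to specific paths.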
Query Limitations
Query execution time: 30 seconds
Search History
Executed queries are saved automatically. The Search History feature lets you access and retrieve them, and search the saved records for a specific query.
Note: The Live Query feature is available for Windows, Linux and macOS.