Configure Live Query settings
The first time you open this page, you need to configure the Live Query Settings.
- Log on to SEQRITE Endpoint Security.
- Go to EDR > Live Query.
- Because the Live Query Settings are not yet configured the first time you open this page, a message prompts you to configure them. Click Configure Live Query Settings.
- You are redirected to the Configurations > EDR page. For more details, go to https://docs.seqrite.com/docs/seqrite-endpoint-security-8-2/configurations/endpoint-detection-response/edr-ova-deployment/
Run Live Query on EPS console
Before running a live query, ensure the Live Query Server is reachable.
To run a Live Query, follow these steps.
- Log on to SEQRITE Endpoint Security.
- Go to EDR > Live Query.
- From the Platform list, select Windows.
- Select a table from the list. There are 100+ auto-suggested tables available in the list. For the table reference, see https://www.osquery.io/schema/5.6.0.
- Select the host from the list. This is the endpoint on which you want to run the query.
- The Query appears in the box. Click Run Query.
- Within 30 seconds, the result of the query appears. If the query is more complex and cannot complete within 30 seconds, an error message appears.
- You can export the query result by using the Export as XLS button.
You can search for a parameter with the Search facility.
Query Limitations
• Query execution time: 30 seconds
Note: Ensure that you add a host entry for the live query server IP and hostname on the endpoint as well as on the EPS server.
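One way to check the host entry and the reachability prerequisite on a Windows endpoint or a Windows EPS server before running a query. This is an added example, not part of the SEQRITE documentation. The server hostname, IP address and port are placeholders and assumptions; the page does not state the port the Live Query server listens on.

```powershell
# Added example: verify the hosts entry and reachability of the Live Query server.
# All three defaults are placeholders (assumptions); pass your deployment's values.
param(
    [string]$ServerName = 'livequery.example.internal',  # placeholder hostname
    [string]$ServerIp   = '192.0.2.10',                  # placeholder IP (documentation range)
    [int]$Port          = 443                            # assumed port, not stated on the page
)

$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# Parse the hosts file: strip comments, split on whitespace,
# and emit one object per "IP name [alias ...]" pair.
$entries = foreach ($line in Get-Content -Path $hostsPath) {
    $text = ($line -replace '#.*$', '').Trim()
    if (-not $text) { continue }
    $fields = $text -split '\s+'
    if ($fields.Count -lt 2) { continue }
    foreach ($name in $fields[1..($fields.Count - 1)]) {
        [pscustomobject]@{ Ip = $fields[0]; Name = $name }
    }
}

# Entries for the server name (case-insensitive), and any that point elsewhere.
$found = @($entries | Where-Object { $_.Name -ieq $ServerName })
$wrong = @($found   | Where-Object { $_.Ip -ne $ServerIp })

if ($found.Count -eq 0) {
    Write-Warning "No hosts entry for $ServerName in $hostsPath"
} elseif ($wrong.Count -gt 0) {
    Write-Warning "$ServerName maps to $($wrong.Ip -join ', '), expected $ServerIp"
} else {
    Write-Output "Hosts entry OK: $ServerIp $ServerName"
}

# Confirm the name resolves as expected and the assumed port accepts a TCP connection.
$probe = Test-NetConnection -ComputerName $ServerName -Port $Port -WarningAction SilentlyContinue
[pscustomobject]@{
    Server       = $ServerName
    ResolvedTo   = $probe.RemoteAddress
    AddressMatch = ("$($probe.RemoteAddress)" -eq $ServerIp)
    TcpReachable = $probe.TcpTestSucceeded
}
```

A stale or conflicting entry is reported as a warning rather than silently accepted, since a hosts entry that points at an unexpected address would direct the endpoint's Live Query traffic to the wrong machine.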