Live Query Settings

Live Query

Live Query is a new Thirtyseven4 EDR Security feature that is part of another Thirtyseven4 EDR Security product, Endpoint Detection & Response (EDR). With Live Query, you can ask questions of endpoints in real time and identify areas for improving security.

This feature is only available to customers with the following licenses.

  • Thirtyseven4 EDR Security server 8.2 onwards only.
  • EDR

Supported Platforms

  • Thirtyseven4 EDR Security 8.2 is available only on Ubuntu 22.
  • EDR – Windows 64-bit client only, Win 7 and above

To run a live query, complete the following steps.
Step 1: Download EDR Setup on Thirtyseven4 EDR Security Console
Step 2: On Oracle VM VirtualBox, fresh install MISP and Live Query server
Step 3: Configure Live Query Server on Thirtyseven4 EDR Security console
Step 4: Run live query on Thirtyseven4 EDR Security console

Step 1: Download EDR Setup on Thirtyseven4 EDR Security Console

  1. Log on to the Thirtyseven4 EDR Security console.
  2. Go to EDR > Live Query.
  3. The first time you open this page, the Live Query Settings are not yet configured, so a message about configuring Live Query Settings is displayed. Click Configure Live Query Settings.
  4. You are redirected to the Configurations > EDR page. Click Download EDR setup.

Step 2: On Oracle VM VirtualBox, fresh install MISP and Live Query server

For the procedure to fresh install MISP and the Live Query server, see EDR OVA Deployment.

Step 3: Configure Live Query Server on Thirtyseven4 EDR Security console

After MISP and the Live Query server are installed successfully, follow these steps to configure the Live Query server.

  1. Go to Configurations > EDR.
  2. Select the Enable Live Query check box.
  3. Enter the host name in the Server text box.
  4. Enter the port number. By default, the value is 6443. You can change the port number if required.
  5. To test the Live Query server connection, click Test connection.
  6. After successful verification, click Apply.
    The Live Query server is configured.

Note
After you configure and apply the Live Query server settings, the Live Query server installation starts for available machines. If the installation fails, you will receive a ‘Live Query Installation failed’ notification.
Repeat the Test connection step and apply again to retry the installation.
