With Live Query, you can ask questions of endpoints in real time and quickly identify areas for improving security and IT hygiene.

You can use the pre-built recommended queries catalog created by Carbon Black security experts or craft your own SQL queries with the open text SQL Builder. Both options provide the same results view. Live Query is powered by https://osquery.io, an open source project that uses an SQLite interface. Access depends on user role authorization.

For information regarding Live Query support, see VMware Carbon Black Cloud™ Audit and Remediation Operating Environment Requirements

Tip: See the Live Query API section of the Developers Network for related information.

In addition, you can find many community-supported, ready-to-use osquery SQL statements in the VMware Carbon Black Query Exchange or make a SQL Query Recommendations call to get hundreds of recommendations created by Carbon Black security experts.