Sensor Support for osquery in Audit and Remediation

The following tables show which Carbon Black Cloud sensor versions support which versions of osquery for Audit and Remediation - Live Query.

Windows Sensor Support for osquery


Windows Sensor Version	osquery Version
4.0.0.1292	5.9.1
3.9.2.2698	5.5.1
3.9.1.2691	5.5.1
3.9.1.2464	5.5.1
3.9.0.2357	5.5.1
3.8.0.722	5.2.3
3.8.0.684	5.2.3
3.8.0.627	5.2.3
3.8.0.535	4.8.0
3.8.0.398	4.8.0
3.7.0.1503	4.8.0
3.7.0.1411	4.7.0
3.7.0.1253	4.5.0
3.6.0.2076+	4.5.0
3.6.0.1719+	4.4.0
3.5.0.1627+	4.1.2
3.4.0.1016+	3.3.2
3.3.0.984	3.2.6

Note: Carbon Black does not support x86 architecture (Windows 32-bit) for Live Query in any sensor version because osquery does not support it.

Linux Sensor Support for osquery


Linux Sensor Version	osquery Version
2.16.0	5.9.1
2.15.x	5.8.2
2.14.0	5.5.1
2.13.x	5.2.2
2.12.x	5.0.1
2.11.x	4.8.0
2.10.x	4.5.0
2.9.0-2.9.1	4.4.0
2.8.0-2.8.3	4.1.2
2.7.0-2.7.1	4.1.2
2.6.0	3.3.2
2.5.0	3.3.2
2.4.0	3.3.2
2.2.0	None
2.1.0	None

macOS Sensor Support for osquery


macOS Sensor Version	osquery Version
3.8.0	5.9.1
3.7.4	5.8.2
3.7.3	5.7.0
3.7.2	5.3.0
3.7.1	5.2.3
3.6.2	4.9.0
3.6.1	4.9.0
3.5.3	4.8.0
3.5.1	4.5.0
3.4.4	4.4.0
3.4.3	4.1.2
3.3.3 - 3.4.2	3.3.2
3.3.2	3.2.6
3.3.1	3.2.6