Announcing the Release of Carbon Black EDR 7.7 with Live Query API
Posted on July 26, 2022
EDR Live Query exposes an operating system as a high-performance relational database, which enables you to write SQL-based queries that explore operating system data. These queries allow you to gain a better understanding of your environment, analyze security vulnerabilities, and identify anomalies like unencrypted disks or processes running without a binary on disk.
Live Query is based on osquery, an open-source project that uses a SQLite interface. The Live Query API allows you to execute queries against the operating system via an API call and analyze the results outside of the EDR console.
The Live Query API is available in EDR Server versions 7.7 and above.
- EDR Server 7.7.0+
- EDR Windows Sensor 7.1.0+
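The two anomalies named above (processes running without a binary on disk, and unencrypted disks) can be written as osquery SQL for a Windows endpoint. This is an added example, not taken from the Carbon Black documentation; the table and column names come from the open-source osquery schema, and it is an assumption that the osquery build behind Live Query exposes these tables.

```sql
-- Added example: osquery SQL for the two anomalies mentioned in this post.
-- Assumption: the `processes` and `bitlocker_info` tables are exposed by
-- the osquery build behind Live Query.

-- 1. Processes whose executable is no longer present on disk.
--    processes.on_disk: 1 = binary exists, 0 = binary missing, -1 = unknown.
--    The self-join adds the parent process name, which helps separate an
--    updater that replaced its own binary from something less expected.
SELECT p.pid,
       p.name,
       p.path,
       p.cmdline,
       p.start_time,
       pp.pid  AS parent_pid,
       pp.name AS parent_name
FROM processes AS p
LEFT JOIN processes AS pp ON pp.pid = p.parent
WHERE p.on_disk = 0;

-- 2. Volumes that are not protected by BitLocker (Windows-only table).
--    protection_status follows Win32_EncryptableVolume:
--    0 = protection off, 1 = protection on, 2 = unknown.
--    Anything other than 1 is returned so that "unknown" is reviewed
--    rather than silently treated as encrypted.
SELECT device_id,
       drive_letter,
       protection_status,
       conversion_status,
       encryption_method
FROM bitlocker_info
WHERE protection_status <> 1;
```

A row from the first query is a lead to triage, not a verdict: software that deletes or replaces its own executable during an update also reports `on_disk = 0`.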
Other improvements in EDR 7.7
- Containerized EDR Server for on-prem Carbon Black EDR customers
- Active Directory (AD) Integration for on-prem Carbon Black EDR customers
- Sensors Page Filtering Enhancements
- Isolate/Unisolate Audit Logging Enhancements
- Coreservices API Payload Validation Enhancements
- Various bug fixes and other small enhancements
- Improvements to the API for managing IP Approvals
- Consistent use of Approved and Banned on API routes
Related resources
- VMware Carbon Black EDR 7.7 Release Announcement
- EDR API release notes
- EDR APIs and Integrations
- EDR User Guide