View the Results of an Agent Query
4.2 (EoS)
The Agent Query page displays all saved and applied queries and enables you to review results for applied queries. By expanding the row for the query, you can view additional information about matches, including when and on which Windows endpoint the match was found, the file or registry key that matched the search parameter, and metadata details for the file. Use the results you receive after you run an agent query to identify and take additional action, if needed, to secure the endpoint.
- From the Policies > Forensics > Agent Query page, select the row for the applied query. The row expands to display additional information about the query and includes any matches for the query in the Agent Query, Found matches section.
  For each applied query, the ESM Console displays the number of endpoints that received the query (Applied On), the number of endpoints that successfully executed the search (Succeeded), and the number of endpoints that failed to run the query or did not receive the query (Failed).
- (Optional) To view detailed information about the match, click Details.
  The ESM Console displays up to 50 records of matches.
- (Optional) To view the full text, hover over the cell of the Result or Metadata field.
- (Optional) To save the results to a comma-separated (CSV) file that you can parse, click the action menu
- (Optional) There are additional tasks you can perform after reviewing the results of the query:
  - Remediate any issues with malicious files on the endpoint.
  - Duplicate the query, make any changes as required, and Apply it to run it again.
  - Delete the query and results from the ESM Console.
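
To decide which endpoints to remediate first, the exported CSV can be grouped by matched file or registry key. The script below is an added example, not part of the Traps documentation: the column names (`Endpoint`, `Time`, `Result`, `Metadata`), the timestamp format and the sample rows are assumptions, so adjust them to the header row of the real export.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample export; column names and values are assumptions.
SAMPLE_CSV = r"""Endpoint,Time,Result,Metadata
WS-FIN-01,2018-03-02 09:14:55,C:\Users\Public\sample.exe,size=48128
WS-FIN-02,2018-03-01 17:40:12,C:\Users\Public\sample.exe,size=48128
WS-FIN-01,2018-03-02 09:15:03,HKLM\Software\Example\Run,type=REG_SZ
ws-fin-02,2018-03-03 08:02:41,c:\users\public\SAMPLE.EXE,size=48128
"""

def summarize_matches(csv_text, endpoint_col="Endpoint", time_col="Time",
                      result_col="Result", time_fmt="%Y-%m-%d %H:%M:%S"):
    """Group query matches by matched path or key, widest spread first."""
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = {endpoint_col, time_col, result_col} - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"CSV header lacks expected columns: {sorted(missing)}")

    groups = defaultdict(lambda: {"endpoints": set(), "times": []})
    for row in reader:
        def field(col):
            return (row.get(col) or "").strip()
        if not field(result_col):
            continue  # skip blank or malformed rows
        # Windows paths, registry keys and host names are case-insensitive,
        # so normalize case before grouping to avoid split counts.
        group = groups[field(result_col).lower()]
        group["endpoints"].add(field(endpoint_col).upper())
        group["times"].append(datetime.strptime(field(time_col), time_fmt))

    summary = [
        {"result": key, "endpoints": sorted(g["endpoints"]),
         "hits": len(g["times"]),
         "first_seen": min(g["times"]), "last_seen": max(g["times"])}
        for key, g in groups.items()
    ]
    # Matches seen on the most endpoints first, then by earliest sighting.
    summary.sort(key=lambda s: (-len(s["endpoints"]), s["first_seen"]))
    return summary

if __name__ == "__main__":
    for item in summarize_matches(SAMPLE_CSV):
        print(f'{item["result"]}: {item["hits"]} hit(s) on '
              f'{", ".join(item["endpoints"])}, first seen {item["first_seen"]}')
```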