This message was deleted.
# kolides
Slackbot
01/14/2019, 9:47 PMThis message was deleted.
z
zwass
01/14/2019, 9:50 PM
What do you mean by faster? The query continues retrieving results from any machine that checks in and fits the targets. You are free to stop the query and/or use the results whenever you like.
j
jackjack
01/14/2019, 9:51 PMjackjack
01/14/2019, 9:51 PMit has been stuck there for quite a while
z
zwass
01/14/2019, 9:51 PM
What do you want it to do?
j
jackjack
01/14/2019, 9:51 PMchecked the instance performance (AWS), not overloading
jackjack
01/14/2019, 9:51 PMJust wonder if we can skip the offline machines and only query the online ones
jackjack
01/14/2019, 9:52 PMand this is the query I entered....
z
zwass
01/14/2019, 9:52 PM
If it's been there for a while I would assume you got results from all the online machines
j
jackjack
01/14/2019, 9:52 PMselect * from shell_history where command LIKE '%chmod 4777%' OR command LIKE '%chmod u+s%';jackjack
01/14/2019, 9:52 PMis there a way to only query online endpoints?
z
zwass
01/14/2019, 9:53 PM
Only online endpoints are receiving the query
zwass
01/14/2019, 9:53 PM
There is no way for an offline endpoint to receive that query
zwass
01/14/2019, 9:53 PM
Until it comes online
j
jackjack
01/14/2019, 9:54 PMeven though the process bar doesn't change?
jackjack
01/14/2019, 9:54 PMokay thank you Zach! As always
z
zwass
01/14/2019, 9:55 PM
I'm not sure what you mean. The progress bar indicates how many of the targeted hosts have responded. Offline hosts can't respond.
zwass
01/14/2019, 9:55 PM
If you want the query to stop you can hit the stop button or leave the page.
j
jackjack
01/14/2019, 9:56 PMsorry fo the confusion. I think it makes sense to just see it from the query results, because I am parsing it anyway
z
zwass
01/14/2019, 9:57 PM
kk cool
2 Views