Products
Applications
Support
Company
How To Buy
Skip to main content (Press Enter).
Sign in
Skip auxiliary navigation (Press Enter).
Register
Skip main navigation (Press Enter).
Toggle navigation
Search Options
Home
My Communities
Communities
All Communities
Application Networking and Security
Enterprise Software
Mainframe Software
Software Defined Edge
Symantec Enterprise
Tanzu
VMware Cloud Foundation
Blogs
All Blogs
Enterprise Software
Mainframe Software
Symantec Enterprise
VMware
Events
All Events
Enterprise Software
Mainframe Software
Symantec Enterprise
VMware
Water Cooler
Betas
Flings
Education
Groups
Enterprise Software
Mainframe Software
Symantec Enterprise
VMware
Members
Blog Viewer
CB LiveOps: How to Monitor Changes to Hosts File
By
CB_Support
posted
Sep 10, 2020 01:51 AM
0
Recommend
Environment
CB PSC Console: All versions
CB LiveOps Sensor: All versions
Microsoft Windows: All supported versions
Apple macOS: All supported versions
Linux: All supported versions
Objective
Search for changes made to the hosts file
Resolution
Navigate to LiveQuery > New Query
Select SQL Query tab
Query the etc_hosts table; only changes will be reported
select * from etc_hosts
Additional Notes
The etc_hosts table is available on Mac, Windows, and Linux
There is also a Recommended query titled "IT_Hygeine" that will return hosts file modifications
Related Content
Cb LiveQuery : How to Query Endpoints Using Query Builder
CB LiveQuery: Can contents of files be queried?
Audit and Remediation: How To Stop a Running Query
#EnterpriseEDR
#CarbonBlackCloud
0 comments
0 views
Permalink
Copyright 2019. All rights reserved.
Powered by Higher Logic