Knowledge Base

Yes

Environment

Carbon Black Cloud Console: v 0.75.0 +
Carbon Black Cloud Windows Sensor: 3.8.x +
Microsoft Windows: All versions

Question

How to Live Query sensors for the vendor and product ID of a USB device?

Answer

Create a Live Query:

select * from cb_sensor_devices;

will return (among others)

device_id	device_name	    response	sensor_msg	device_type	drive_letter	friendly_name	                    interface_type	manufacturer	model_name	    product_id	    serial_number	vendor_id	    volume_guid
77854781	MyLaptop11	    matched		            DISK	    E:\	            Apricorn Secure Key 3.0 USB Device	USB	            Apricorn	    Secure Key 3.0	0x1407 (0n5127)	000AA0000502	0x0984 (0n2436)	Volume{20848e18-18c1-4d34-8523-39b49c0f0745}

Additional Notes

The 'cb_sensor_devices' table is only supported on CBC Windows sensors 3.8.x and above.

Knowledge Base

Carbon Black Cloud: How to Live Query sensors for the vendor and product ID of a USB device.

Carbon Black Cloud: How to Live Query sensors for the vendor and product ID of a USB device.

Environment

Question

Answer

Additional Notes

Related Content

Audit and Remediation

Carbon Black Cloud

Container

Endpoint Standard

Enterprise EDR

Managed Detection

Managed Detection and Response

Prevention

Workload

Knowledge Base

Carbon Black Cloud: How to Live Query sensors for the vendor and product ID of a USB device.

Carbon Black Cloud: How to Live Query sensors for the vendor and product ID of a USB device.

Environment

Question

Answer

Additional Notes

Related Content

Thank you for your feedback.

Thank you for your feedback.