logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

Carbon Black Cloud: How to Live Query sensors for the vendor and product ID of a USB device.

Carbon Black Cloud: How to Live Query sensors for the vendor and product ID of a USB device.

Environment

  • Carbon Black Cloud Console: v 0.75.0 +
  • Carbon Black Cloud Windows Sensor:  3.8.x +
  • Microsoft Windows: All versions

Question

How to Live Query sensors for the vendor and product ID of a USB device?

Answer

Create a Live Query: 
select * from cb_sensor_devices;

will return (among others) 
device_id	device_name	    response	sensor_msg	device_type	drive_letter	friendly_name	                    interface_type	manufacturer	model_name	    product_id	    serial_number	vendor_id	    volume_guid
77854781	MyLaptop11	    matched		            DISK	    E:\	            Apricorn Secure Key 3.0 USB Device	USB	            Apricorn	    Secure Key 3.0	0x1407 (0n5127)	000AA0000502	0x0984 (0n2436)	Volume{20848e18-18c1-4d34-8523-39b49c0f0745}

 

Additional Notes

The 'cb_sensor_devices' table is only supported on CBC Windows sensors 3.8.x and above.

Related Content


Was this article helpful? Yes No
No ratings
Article Information
Author:
CB_Support
Creation Date:
‎03-15-2022
Views:
814
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.