
EDR: How to Pull Currently Enabled Banned Hashes from Postgres

Environment

  • EDR: All Versions

Objective

How to pull the currently enabled banned hashes from Postgres.

Resolution

In a terminal, run the following command:
psql -p 5002 cb -c "SELECT md5hash FROM banning_blacklist a WHERE id IN (SELECT max(id) FROM banning_blacklist b WHERE a.md5hash=b.md5hash AND delete_user_id IS null);"

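To output this to a CSV file (COPY ... TO writes the file on the database server as the Postgres service account, so <path> must be an absolute path that account can write to):
psql -p 5002 cb -c "COPY (SELECT md5hash FROM banning_blacklist a WHERE id IN (SELECT max(id) FROM banning_blacklist b WHERE a.md5hash=b.md5hash AND delete_user_id IS null)) to '<path>/<filename>.csv' WITH CSV HEADER"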
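
What the selection query keeps and drops can be checked offline. This added example (not from the original article or the product) runs the article's SELECT unchanged against an in-memory SQLite table holding constructed rows. The table models only the three columns the query references, and the idea that one hash can have several rows is an assumption.

```python
import sqlite3

# The selection query from the article, unchanged apart from line breaks.
ENABLED_BANS_SQL = """
SELECT md5hash FROM banning_blacklist a
WHERE id IN (SELECT max(id) FROM banning_blacklist b
             WHERE a.md5hash = b.md5hash AND delete_user_id IS NULL)
"""

# What a plain filter without the max(id) subquery would return.
NAIVE_SQL = "SELECT md5hash FROM banning_blacklist WHERE delete_user_id IS NULL"

# Constructed sample rows: (id, md5hash, delete_user_id).
# Assumption: a hash may appear in several rows; the hash values are dummies.
SAMPLE_ROWS = [
    (1, "a" * 32, None),  # banned once, still enabled
    (2, "b" * 32, 7),     # banned, then removed by user id 7
    (3, "c" * 32, 7),     # banned and removed ...
    (4, "c" * 32, None),  # ... then banned again
    (5, "d" * 32, None),  # two enabled rows for the same hash
    (6, "d" * 32, None),
]


def run_query(sql, rows):
    """Load rows into a throwaway table and return the md5hash column, sorted."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE banning_blacklist ("
        "id INTEGER PRIMARY KEY, md5hash TEXT, delete_user_id INTEGER)"
    )
    con.executemany("INSERT INTO banning_blacklist VALUES (?, ?, ?)", rows)
    result = sorted(r[0] for r in con.execute(sql))
    con.close()
    return result


def enabled_hashes(rows):
    return run_query(ENABLED_BANS_SQL, rows)


if __name__ == "__main__":
    # Article query: one row per hash that has at least one non-deleted entry.
    print(enabled_hashes(SAMPLE_ROWS))
    # Plain filter: the hash with two enabled rows is listed twice.
    print(run_query(NAIVE_SQL, SAMPLE_ROWS))
```

The correlated `max(id)` subquery is what collapses repeated non-deleted rows to a single line per hash, which matters when the export feeds a tool that expects unique values.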

Creation Date: 08-16-2021