
EDR: How to get raw binary documents via Curl

Environment

  • EDR Server: 6.x and higher

Objective

Query the EDR server for raw binary document information.

Resolution

  1. Log into the master server via ssh/terminal.
  2. Run this query with the MD5 in all uppercase:

     curl 'http://localhost:8080/solr/cbmodules/select?q=md5:<Md5Hash>&rows=5&indent=true' > md5_binary.txt

     Example:

     curl 'http://localhost:8080/solr/cbmodules/select?q=md5:D78B79745706256950D42EFFA5485627&rows=5&indent=true' > D78B79745706256950D42EFFA5485627_binary.txt

Additional Notes

  • Common Errors:
    • "The requested resource is not available": the curl command was run on the incorrect server/node (it must be run on the master server).
    • "numFound=0": incorrect or missing unique ID, incorrect server/node, or the MD5 hash was supplied in lowercase (the index stores hashes in uppercase).
  • Send the resulting text document to Carbon Black's Alliance servers by appending:

     && /usr/share/cb/cbpost /<pathtofile>/<filename.txt>

     Example:

     curl 'http://localhost:8080/solr/cbmodules/select?q=md5:D78B79745706256950D42EFFA5485627&rows=5&indent=true' > D78B79745706256950D42EFFA5485627_binary.txt && /usr/share/cb/cbpost ./D78B79745706256950D42EFFA5485627_binary.txt
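The wrapper script below is an added example; it is not part of this article or of the Carbon Black product. It uppercases and validates the hash before querying (the usual cause of the "numFound=0" case above), builds the same Solr URL the article uses, and maps a saved response to the two error cases listed before handing the file to cbpost. It assumes the same local Solr endpoint and cbpost path as the article, and that the response reports the hit count as numFound (either the XML attribute numFound="N" or the JSON field "numFound":N); the three sample responses embedded in it are constructed for the offline self-check, not real server output, and the script name edr_md5_query.sh is hypothetical.

```shell
#!/bin/sh
# Added example (not from the Carbon Black KB article). Wraps the article's curl query
# so the hash is always uppercased and the saved response is checked before cbpost.
# Assumptions: same local Solr endpoint and cbpost path as the article; Solr reports
# the hit count as numFound (XML attribute numFound="N" or JSON "numFound":N).

SOLR_URL="http://localhost:8080/solr/cbmodules/select"
CBPOST="/usr/share/cb/cbpost"

# Constructed sample responses (not real server output) used for the offline self-check.
SAMPLE_HIT='<?xml version="1.0"?><response><result name="response" numFound="1" start="0"><doc><str name="md5">D78B79745706256950D42EFFA5485627</str></doc></result></response>'
SAMPLE_MISS='{"responseHeader":{"status":0},"response":{"numFound":0,"start":0,"docs":[]}}'
SAMPLE_WRONG_NODE='<html><body><h1>HTTP Status 404</h1><p>The requested resource is not available.</p></body></html>'

# Strip whitespace and uppercase the hash; the index stores MD5s in uppercase, so a
# lowercase query yields numFound=0. Prints the hash, or returns 1 if it is not 32 hex chars.
normalize_md5() {
  h=$(printf '%s' "$1" | tr -d '[:space:]' | tr 'a-f' 'A-F')
  case "$h" in
    ''|*[!0-9A-F]*) return 1 ;;
  esac
  [ "${#h}" -eq 32 ] || return 1
  printf '%s\n' "$h"
}

# The article's query URL for an already-normalised hash.
build_query_url() {
  printf '%s?q=md5:%s&rows=5&indent=true\n' "$SOLR_URL" "$1"
}

# Print the numFound value from a Solr response on stdin (XML or JSON); nothing if absent.
num_found() {
  sed -n 's/.*numFound[":= ]*\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Read a response from stdin and map it to the article's troubleshooting notes.
# Exit status: 0 = document(s) found, 1 = numFound=0, 2 = wrong server/node, 3 = unparseable.
classify_response() {
  body=$(cat)
  case "$body" in
    *"The requested resource is not available"*)
      echo "wrong server/node: run the query on the master server"; return 2 ;;
  esac
  n=$(printf '%s\n' "$body" | num_found)
  if [ -z "$n" ]; then
    echo "unrecognised response"; return 3
  elif [ "$n" -eq 0 ]; then
    echo "numFound=0: hash not indexed, lowercase, or wrong server/node"; return 1
  fi
  echo "found $n document(s)"
}

# Query one MD5 into <MD5>_binary.txt as the article does; with --post, hand the file to cbpost.
fetch_binary_doc() {
  md5=$(normalize_md5 "$1") || { echo "invalid MD5: $1" >&2; return 1; }
  out="${md5}_binary.txt"
  curl -sS "$(build_query_url "$md5")" > "$out" || return 1
  classify_response < "$out" || return $?
  if [ "${2:-}" = "--post" ]; then
    "$CBPOST" "./$out"
  fi
}

# Usage (hypothetical script name): ./edr_md5_query.sh <md5> [--post]
if [ $# -gt 0 ]; then
  fetch_binary_doc "$@"
fi
```

Because classify_response is read before cbpost runs, an empty or error response is never posted; the non-zero exit codes let the script be chained from a loop over a hash list without having to inspect each output file by hand.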

Article Information
Creation Date: 12-14-2018