logo

Knowledge Base

Access official resources from Carbon Black experts

Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

EDR: Where to find info about watchlist "Newly loaded module"?

EDR: Where to find info about watchlist "Newly loaded module"?

Environment

  • EDR (Formerly CB Response): All Versions

Question

Where to find info about watchlist "Newly loaded module"?

Answer

The query description is available on the watchlist page of the console. 
cb.urlver=1&q=is_executable_image:false&sort=server_added_timestamp desc
 
 

Additional Notes

The watchlist will only run against newly loaded events.
 

Labels (1)
Labels:
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
CB_Support
Creation Date:
‎09-24-2020
Views:
298
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.