The VMware Carbon Black Tech Zone is live! Checkout this great resource: Mastering Carbon Black Audit & Remediation.

List all loaded Kernel modules

Description: Lists all loaded Kernel modules on a system and which account uses it.

What The Data Shows: Comparing to reference list of loaded modules, run this can easily determine malicious modules.

SQL: 

SELECT name, used_by, status from kernel_modules
WHERE status="Live";

 

1 Comment
jnelson
Carbon Black Employee
Status changed to: Approved