The VMware Carbon Black Tech Zone is live! Checkout this great resource: Mastering Carbon Black Audit & Remediation.

Registry Entries

Description: Values in Windows Registry Hives

What The Data Shows: could determine what registry values exist, this can be used to find installed software, or indicators of compromise; where registry could be used for persistence


SELECT key,path,name,data
FROM (`registry`);


Tags (2)
1 Comment
Carbon Black Employee
Status changed to: Under Review

@coreymaygard While this query works, it is too broad to be effective. You can some examples in the Query Exchange and the Recommended Queries in CB Live Query where we look for misconfigurations, persistence, and vulnerabilities.