Description: Real Time Scanning of file stream using CB Defense API Hi, We have license for Carbon Bl...
Description: The Least Privileged Model reduces risk by limiting the users who have admin permissi...
Carbon Black Compliance Help Desk Operations Incident Response IT Hygiene Windows
This query looks for the existence of a Windows user's folder which indicates that they have logged ...
Carbon Black Compliance Help Desk Operations Incident Response IT Hygiene Windows
Description: This query checks if the registry value (EnableTrailerSupport) is set or not. If this va...
With the ability to query Windows Event Logs we can also query Sysmon logs as they show up in Event ...
Carbon Black Compliance Help Desk Operations Incident Response IT Hygiene Windows
Description: Search Windows service creation events using the system logs event id 7045 from the past...
Community Compliance Help Desk Operations Incident Response Windows
Description: Search multiple artifacts of execution to search for evidence of an executable seen by ...
Description: Given a file path check for the existence and evidence of execution of a file What The D...
This query converts the size and free space to GB, then calculates the percent full for the disk.
Description: This query looks for Windows endpoints with WSL feature enabled What The Data Shows...
The Query Exchange is a place for everyone to take, learn, and share queries. Since Live Query is built off of the open source project Osquery, we want to encourage the spirit of community participation. As a collective group we can help each other be more efficient, more innovative, and more secure. All query submissions default to the “Under Review” stage when initially posted. Once submissions are vetted by Carbon Black, submissions will be updated to reflect “Approved.”
IT Hygiene: Provides a list of SQL queries that we recommend you run in Live Query to help with your organization's IT Hygiene.
Compliance: Provides a list of SQL queries that we recommend you run in Live Query to help manage Compliance across your organization.
Incident Response: Provides a list of SQL queries that we recommend you run in Live Query to help during an investigation.
Vulnerability Management: Provides a list of SQL queries that we recommend you run in Live Query to help with Vulnerability Management in your organization.
Help Desk Operations: Provides a list of SQL queries that we recommend you run in Live Query to help with Help Desk items.
Container Support: Provides a list of SQL queries that we recommend you run in Live Query to help with your organization's Container Support.