
Query Exchange

QUERIES

PtH - Local Account Token Filter Query Issue

Under Review 0 Comments Submitted by cbfed Monday

This is a preloaded recommended query, but I think it is miswritten. Description: This is the provided ...

Carbon Black IT Hygiene Windows

0 Votes

Does killing a process also kill the process tree?

Under Review 0 Comments Submitted by JSuser a week ago

Does killing a process also kill the process tree? This is for the product Carbon Black EDR.

Carbon Black Linux Other

0 Votes

How to un-isolate endpoint?

Under Review 0 Comments Submitted by JSuser a week ago

How to un-isolate endpoint for Carbon Black EDR?

Carbon Black Linux Other

0 Votes

How to extract endpoint for forensic analysis or remote triaging?

Under Review 0 Comments Submitted by JSuser a week ago

How to extract endpoint for forensic analysis or remote triaging? This is for Carbon Black EDR.

Carbon Black Linux Other

0 Votes

Network Access Control required for Carbon Black EDR?

Under Review 0 Comments Submitted by JSuser a week ago

Network Access Control required for Carbon Black EDR?

Carbon Black Linux Other

0 Votes

Is there any monitoring account for Carbon Black EDR? Any access control verification?

Under Review 0 Comments Submitted by JSuser a week ago

Is there any monitoring account for Carbon Black EDR? Any access control verification?

Carbon Black Linux Other

0 Votes

Getting 403(forbidden) in Update Policy Device Action..

Under Review 4 Comments Submitted by zliaquat 4 weeks ago

Description: I am implementing Update Policy (Device Action) and unable to get success response. Belo...

Carbon Black IT Hygiene Linux Mac Other Windows

0 Votes

Search/Hunt for malicious chrome extensions (w/ Identifiers)

Approved 4 Comments Submitted by M_Kiran_Kumar 09-02-2022

Description: This query looks for extensions using known extension identifiers. Replace the extension...

Carbon Black Compliance Incident Response IT Hygiene Windows

2 Votes

Search Download Folders for ISO downloads

Approved 2 Comments Submitted by craken-da-ship 08-03-2022

Description: This query searches the downloads folder of all computers looking for .iso files. Can b...

Community Incident Response IT Hygiene Windows

1 Vote

PowerShell Execution Policy inquiry (user)

Approved 1 Comment Submitted by jnelson 06-01-2022

Description: This query looks for the 'ExecutionPolicy' registry key under HKEY_USERS hive to provid...

Carbon Black Compliance Help Desk Operations Incident Response IT Hygiene Vulnerability Management Windows

4 Votes

Welcome to the Query Exchange

The Query Exchange is a place for everyone to take, learn, and share queries. Since Live Query is built on the open source project osquery, we want to encourage the spirit of community participation. As a collective group we can help each other be more efficient, more innovative, and more secure. All query submissions default to the “Under Review” stage when initially posted. Once Carbon Black has vetted a submission, its status is updated to “Approved.”

Query Use Cases

IT Hygiene: Provides a list of SQL queries that we recommend you run in Live Query to help with your organization's IT Hygiene.

Compliance: Provides a list of SQL queries that we recommend you run in Live Query to help manage Compliance across your organization.

Incident Response: Provides a list of SQL queries that we recommend you run in Live Query to help during an investigation.

Vulnerability Management: Provides a list of SQL queries that we recommend you run in Live Query to help with Vulnerability Management in your organization.

Help Desk Operations: Provides a list of SQL queries that we recommend you run in Live Query to help with Help Desk items.

Container Support: Provides a list of SQL queries that we recommend you run in Live Query to help with your organization's Container Support.