
Query Exchange

QUERIES

How we can control other installed application uninstallation via Carbon black App Control

Under Review 0 Comments Submitted by ChaithraN 04-18-2023

Description: What does this query look for? Other Installed application uninstallation also should co...

Carbon Black IT Hygiene Windows

1 Vote

CVE-2022-32168 Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking

Approved 1 Comment Submitted by marc_gamet 03-31-2023

Description: Creates a report of endpoints with Notepad++ installed, including application version, ...

Community Compliance Vulnerability Management Windows

1 Vote

Permissions request failed

Under Review 1 Comment Submitted by alinedominguez 03-13-2023

Hello Team, I'm asking for your help in order to solve a constant issue between MacOS devices. I updat...

Carbon Black Incident Response Mac

0 Votes

Detect Static IP

Approved 1 Comment Submitted by rsotomayor 12-22-2022

Description: This query looks for any system that has a static IP set.
What The Data Shows: The ...

Carbon Black Compliance Help Desk Operations IT Hygiene Linux Windows

1 Vote

Webshells on Microsoft Exchange Servers

Approved 2 Comments Submitted by TAR2 11-17-2022

Description: This query looks for suspected webshells in the locations they are commonly located, wh...

Community Incident Response IT Hygiene Windows

2 Votes

Search/Hunt for malicious chrome extensions (w/ Identifiers)

Approved 4 Comments Submitted by M_Kiran_Kumar 09-02-2022

Description: This query looks for extensions using known extension identifiers. Replace the extension...

Carbon Black Compliance Incident Response IT Hygiene Windows

5 Votes

Search Download Folders for ISO downloads

Approved 2 Comments Submitted by craken-da-ship 08-03-2022

Description: This query searches the downloads folder of all computers looking for .iso files. Can b...

Community Incident Response IT Hygiene Windows

2 Votes

Powershell Execution Policy inquiry (user)

Approved 1 Comment Submitted by jnelson 06-01-2022

Description: This query looks for the 'ExecutionPolicy' registry key under HKEY_USERS hive to provid...

Carbon Black Compliance Help Desk Operations Incident Response IT Hygiene Vulnerability Management Windows

5 Votes

Powershell Execution Policy inquiry (machine)

Approved 3 Comments Submitted by HenriqueLima 05-31-2022

Description: This query looks for the 'ExecutionPolicy' registry key under HKLM hive to provide info...

Community Compliance IT Hygiene Vulnerability Management Windows

4 Votes

Local Administrator Permissions (w/ Domain Users)

Approved 2 Comments Submitted by jnelson 04-29-2022

Description:
The Least Privileged Model reduces risk by limiting the users who have admin permissi...

Carbon Black Compliance Help Desk Operations Incident Response IT Hygiene Windows

6 Votes

Welcome to the Query Exchange

The Query Exchange is a place for everyone to take, learn, and share queries. Since Live Query is built off of the open source project Osquery, we want to encourage the spirit of community participation. As a collective group we can help each other be more efficient, more innovative, and more secure. All query submissions default to the “Under Review” stage when initially posted. Once submissions are vetted by Carbon Black, submissions will be updated to reflect “Approved.”

Query Use Cases

IT Hygiene: Provides a list of SQL queries that we recommend you run in Live Query to help with your organization's IT Hygiene.

Compliance: Provides a list of SQL queries that we recommend you run in Live Query to help manage Compliance across your organization.

Incident Response: Provides a list of SQL queries that we recommend you run in Live Query to help during an investigation.

Vulnerability Management: Provides a list of SQL queries that we recommend you run in Live Query to help with Vulnerability Management in your organization.

Help Desk Operations: Provides a list of SQL queries that we recommend you run in Live Query to help with Help Desk items.

Container Support: Provides a list of SQL queries that we recommend you run in Live Query to help with your organization's Container Support.