carbon_black_info

Returns info about a Carbon Black sensor install.

Platform support

Please be aware that some queries can only be run against certain platforms. Below is a list of the supported platforms that this query supports. Zercurity will automatically pause queries from running if errors are detected. Running a query against an unsupported platform will result in the following error: no such table: carbon_black_info

  • Windows

  • Linux

  • Mac OSX

  • Free BSD

Table schema

Name

Type

Description

sensor_id

INTEGER

Sensor ID of the Carbon Black sensor

config_name

TEXT

Sensor group

collect_store_files

INTEGER

If the sensor is configured to send back binaries to the Carbon Black server

collect_module_loads

INTEGER

If the sensor is configured to capture module loads

collect_module_info

INTEGER

If the sensor is configured to collect metadata of binaries

collect_file_mods

INTEGER

If the sensor is configured to collect file modification events

collect_reg_mods

INTEGER

If the sensor is configured to collect registry modification events

collect_net_conns

INTEGER

If the sensor is configured to collect network connections

collect_processes

INTEGER

If the sensor is configured to process events

collect_cross_processes

INTEGER

If the sensor is configured to cross process events

collect_emet_events

INTEGER

If the sensor is configured to EMET events

collect_data_file_writes

INTEGER

If the sensor is configured to collect non binary file writes

collect_process_user_context

INTEGER

If the sensor is configured to collect the user running a process

collect_sensor_operations

INTEGER

Unknown

log_file_disk_quota_mb

INTEGER

Event file disk quota in MB

log_file_disk_quota_percentage

INTEGER

Event file disk quota in a percentage

protection_disabled

INTEGER

If the sensor is configured to report tamper events

sensor_ip_addr

TEXT

IP address of the sensor

sensor_backend_server

TEXT

Carbon Black server

event_queue

INTEGER

Size in bytes of Carbon Black event files on disk

binary_queue

INTEGER

Size in bytes of binaries waiting to be sent to Carbon Black server

Query examples

Select all the results for the given table.

SELECT * FROM carbon_black_info;