carbon_black_info

Returns info about a Carbon Black sensor install.

Platform support

Please be aware that some queries can only be run against certain platforms. Below is a list of the supported platforms that this query supports. Zercurity will automatically pause queries from running if errors are detected. Running a query against an unsupported platform will result in the following error: no such table: carbon_black_info

  • Windows
  • Linux
  • Mac OSX
  • Free BSD

Table schema

Name Type Description
sensor_id INTEGER Sensor ID of the Carbon Black sensor
config_name TEXT Sensor group
collect_store_files INTEGER If the sensor is configured to send back binaries to the Carbon Black server
collect_module_loads INTEGER If the sensor is configured to capture module loads
collect_module_info INTEGER If the sensor is configured to collect metadata of binaries
collect_file_mods INTEGER If the sensor is configured to collect file modification events
collect_reg_mods INTEGER If the sensor is configured to collect registry modification events
collect_net_conns INTEGER If the sensor is configured to collect network connections
collect_processes INTEGER If the sensor is configured to process events
collect_cross_processes INTEGER If the sensor is configured to cross process events
collect_emet_events INTEGER If the sensor is configured to EMET events
collect_data_file_writes INTEGER If the sensor is configured to collect non binary file writes
collect_process_user_context INTEGER If the sensor is configured to collect the user running a process
collect_sensor_operations INTEGER Unknown
log_file_disk_quota_mb INTEGER Event file disk quota in MB
log_file_disk_quota_percentage INTEGER Event file disk quota in a percentage
protection_disabled INTEGER If the sensor is configured to report tamper events
sensor_ip_addr TEXT IP address of the sensor
sensor_backend_server TEXT Carbon Black server
event_queue INTEGER Size in bytes of Carbon Black event files on disk
binary_queue INTEGER Size in bytes of binaries waiting to be sent to Carbon Black server

Query examples

Select all the results for the given table.

SELECT * FROM carbon_black_info;