carbon_black_info
Returns info about a Carbon Black sensor install.
Platform support
Please be aware that some queries can only be run against certain platforms. The platforms this query supports are listed below. Zercurity will automatically pause queries from running if errors are detected. Running a query against an unsupported platform will result in the following error: no such table: carbon_black_info
- Windows
- Linux
- Mac OSX
- FreeBSD
Table schema
Name | Type | Description |
---|---|---|
sensor_id | INTEGER | Sensor ID of the Carbon Black sensor |
config_name | TEXT | Sensor group |
collect_store_files | INTEGER | If the sensor is configured to send back binaries to the Carbon Black server |
collect_module_loads | INTEGER | If the sensor is configured to capture module loads |
collect_module_info | INTEGER | If the sensor is configured to collect metadata of binaries |
collect_file_mods | INTEGER | If the sensor is configured to collect file modification events |
collect_reg_mods | INTEGER | If the sensor is configured to collect registry modification events |
collect_net_conns | INTEGER | If the sensor is configured to collect network connections |
collect_processes | INTEGER | If the sensor is configured to collect process events |
collect_cross_processes | INTEGER | If the sensor is configured to collect cross-process events |
collect_emet_events | INTEGER | If the sensor is configured to collect EMET events |
collect_data_file_writes | INTEGER | If the sensor is configured to collect non-binary file writes |
collect_process_user_context | INTEGER | If the sensor is configured to collect the user running a process |
collect_sensor_operations | INTEGER | Unknown |
log_file_disk_quota_mb | INTEGER | Event file disk quota in MB |
log_file_disk_quota_percentage | INTEGER | Event file disk quota as a percentage |
protection_disabled | INTEGER | If the sensor is configured to report tamper events |
sensor_ip_addr | TEXT | IP address of the sensor |
sensor_backend_server | TEXT | Carbon Black server |
event_queue | INTEGER | Size in bytes of Carbon Black event files on disk |
binary_queue | INTEGER | Size in bytes of binaries waiting to be sent to Carbon Black server |
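
Example audit query (added here, not part of the original page): it returns the sensor only when a core collector is switched off or the on-disk backlog is large. It assumes the collect_* columns are 0/1 flags and uses an illustrative 100 MB threshold for the queue sizes.

```sql
-- Added example, not from the original page.
-- Assumption: each collect_* column is a 0/1 flag, where 0 means disabled.
-- Assumption: 104857600 bytes (100 MB) is an illustrative backlog threshold.
SELECT *
FROM (
  SELECT
    sensor_id,
    config_name,
    sensor_ip_addr,
    sensor_backend_server,
    -- Comma-separated list of the collectors that are switched off.
    RTRIM(
      CASE WHEN collect_processes       = 0 THEN 'processes,'       ELSE '' END ||
      CASE WHEN collect_cross_processes = 0 THEN 'cross_processes,' ELSE '' END ||
      CASE WHEN collect_module_loads    = 0 THEN 'module_loads,'    ELSE '' END ||
      CASE WHEN collect_file_mods       = 0 THEN 'file_mods,'       ELSE '' END ||
      CASE WHEN collect_reg_mods        = 0 THEN 'reg_mods,'        ELSE '' END ||
      CASE WHEN collect_net_conns       = 0 THEN 'net_conns,'       ELSE '' END,
      ','
    ) AS disabled_collectors,
    protection_disabled,  -- returned for review, not filtered on
    event_queue,          -- bytes of event files waiting on disk
    binary_queue          -- bytes of binaries waiting to be uploaded
  FROM carbon_black_info
) AS s
WHERE s.disabled_collectors <> ''
   OR s.event_queue  > 104857600
   OR s.binary_queue > 104857600;
```

Registry collection only applies to Windows, so `reg_mods` appearing in `disabled_collectors` on other platforms may be expected.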