CB Response: How to download events for a process within a specific time period

Article ID: 285346

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

How to download events for a process within a specific time period from the browser.

Environment

  • CB Response Server: 6.x

Resolution

  1. Navigate to the CB Response Analyze page for the specific process you wish to export events for. Your URL should appear similar to the following example:
Example URL: https://<your_server>/#/analyze/00000050-0000-025c-01d4-daaf3d153e7f/1556532324995?cb.legacy_5x_mode=false
      Note: In the above example, 00000050-0000-025c-01d4-daaf3d153e7f is the GUID of the process, and 1556532324995 is the segment ID (which we will not be using).
  2. Modify the URL. Replace <your_server>, <guid>, <to_timestamp>, and <from_timestamp> with your values in the format:
https://<your_server>/api/v5/process/<guid>/0/event?cb.min_last_update=<from_timestamp>&cb.max_last_update=<to_timestamp>&cb.event_count=1000&cb.event_start=0
  3. Navigate to the URL to generate an export of events within the specified timeframe.
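
The URL rewrite from the steps above as a small script; this is an added example, not code from the article or from Carbon Black. The host name and timestamp values are constructed, and because the article does not state the timestamp format, the script passes the timestamps through unchanged apart from URL-encoding.

```python
import re
from urllib.parse import urlsplit, urlencode

# Shape of the process GUID as it appears in the article's example URL.
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def parse_analyze_url(analyze_url):
    """Return (server, guid) from an Analyze page URL of the form
    https://<your_server>/#/analyze/<guid>/<segment_id>?..."""
    parts = urlsplit(analyze_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("expected an https:// Analyze URL")
    # The route lives after '#'; drop the query string that follows it.
    route = parts.fragment.split("?", 1)[0]
    segments = [s for s in route.split("/") if s]
    if len(segments) < 2 or segments[0] != "analyze":
        raise ValueError("URL fragment is not an Analyze page route")
    guid = segments[1]
    if not GUID_RE.match(guid):
        raise ValueError("unexpected process GUID format: %r" % guid)
    # The segment ID (segments[2], if present) is deliberately ignored.
    return parts.netloc, guid


def build_event_url(analyze_url, from_timestamp, to_timestamp,
                    event_count=1000, event_start=0):
    """Build the event export URL in the format shown in step 2."""
    server, guid = parse_analyze_url(analyze_url)
    query = urlencode({
        "cb.min_last_update": from_timestamp,
        "cb.max_last_update": to_timestamp,
        "cb.event_count": event_count,
        "cb.event_start": event_start,
    })
    return "https://%s/api/v5/process/%s/0/event?%s" % (server, guid, query)


# Constructed sample input: placeholder host, GUID from the article's example.
SAMPLE_ANALYZE_URL = ("https://cbr.example.test/#/analyze/"
                      "00000050-0000-025c-01d4-daaf3d153e7f/1556532324995"
                      "?cb.legacy_5x_mode=false")

if __name__ == "__main__":
    # Constructed timestamps; use the format your server expects.
    print(build_event_url(SAMPLE_ANALYZE_URL,
                          "2019-04-29T10:00:00Z", "2019-04-29T11:00:00Z"))
```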

Additional Information

  • Output format is in JSON only.  CSV is not supported.