How to export all watchlists as CSV

search cancel

How to export all watchlists as CSV

book

Article ID: 287715

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response) Carbon Black EDR

Issue/Introduction

How to export all watchlists as CSV

Environment

EDR: All Versions (On-Prem Only)

Resolution

Option 1:

Log into your server (master in case of a cluster)
Elevate to root user
Execute:

psql cb -p 5002 -c "COPY (select name, search_query from watchlist_entries where group_id=-1 order by id) TO '/tmp/watchlist_entries.csv' with CSV HEADER;"

CSV file will be located under /tmp/watchlist_entries.csv

Option 2:

Export via API

Additional Information

The watchlist query from option 1 will be in URL encoded format. It will need to be URL decoded to be human readable.

Feedback

thumb_up Yes

thumb_down No