EDR: How to export all watchlists as CSV
search cancel

EDR: How to export all watchlists as CSV

book

Article ID: 287715

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

How to export all watchlists as CSV 

Environment

  • EDR:  All Versions (On-Prem Only)

Resolution

Option 1:
  1. Log into your server (master in case of a cluster)
  2. elevate to root user 
  3. execute: 
psql cb -p 5002 -c "COPY (select name, search_query from watchlist_entries where group_id=-1 order by id) TO '/tmp/watchlist_entries.csv' with CSV HEADER;"
  1. CSV file will be located under /tmp/watchlist_entries.csv 
Option 2:
  • Export via API: https://community.carbonblack.com/t5/Knowledge-Base/EDR-How-to-export-and-import-Watchlists-between-Server-Cluster/ta-p/81071

Additional Information

The watchlist query from option 1 will be in URL encoded format.  It will need to be URL decoded to be human readable.
Powered by Wolken Software