EDR: How to Pull Currently Enabled Banned Hashes from Postgres

Article ID: 287886

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

How to pull the currently enabled banned hashes from Postgres.

Environment

  • EDR: All Versions

Resolution

In a terminal, run the following command:
psql -p 5002 cb -c "SELECT md5hash FROM banning_blacklist a WHERE id IN (SELECT max(id) FROM banning_blacklist b WHERE a.md5hash=b.md5hash AND delete_user_id IS null);"

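To output this to a CSV file:
psql -p 5002 cb -c "COPY (SELECT md5hash FROM banning_blacklist a WHERE id IN (SELECT max(id) FROM banning_blacklist b WHERE a.md5hash=b.md5hash AND delete_user_id IS null)) to '<path>/<filename>.csv' WITH CSV HEADER"

COPY ... TO writes the file on the database server as the PostgreSQL service account, so <path> must be an absolute path that the account can write to.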
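
To see which rows the query above selects, the following added example (not part of the original article or the product) runs the same SELECT against a throwaway in-memory SQLite table instead of the EDR Postgres database. The table is reduced to the three columns the query names, the rows and hashes are constructed, and the ban history they model (removing a ban fills in delete_user_id, re-banning adds a new row) is an assumption.

```python
import sqlite3

# The query from the article, unchanged apart from whitespace.
ENABLED_BANS_SQL = """
SELECT md5hash FROM banning_blacklist a
WHERE id IN (SELECT max(id) FROM banning_blacklist b
             WHERE a.md5hash = b.md5hash AND delete_user_id IS null)
"""

# Constructed rows (id, md5hash, delete_user_id); the hashes are made-up values.
# Assumption: removing a ban fills in delete_user_id, re-banning adds a new row.
SAMPLE_ROWS = [
    (1, "a" * 32, None),  # banned once, still enabled
    (2, "b" * 32, 7),     # banned, then removed by user 7
    (3, "c" * 32, 7),     # banned, removed ...
    (4, "c" * 32, None),  # ... and banned again
    (5, "d" * 32, None),  # two enabled rows for the same hash
    (6, "d" * 32, None),
]


def enabled_bans(rows):
    """Load rows into a throwaway table and return the hashes the query selects."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE banning_blacklist "
        "(id INTEGER PRIMARY KEY, md5hash TEXT, delete_user_id INTEGER)"
    )
    db.executemany("INSERT INTO banning_blacklist VALUES (?, ?, ?)", rows)
    # The unqualified delete_user_id resolves to the inner alias b, so the
    # subquery yields the newest non-removed row id for each hash (or NULL).
    result = [row[0] for row in db.execute(ENABLED_BANS_SQL)]
    db.close()
    return result


if __name__ == "__main__":
    for md5 in enabled_bans(SAMPLE_ROWS):
        print(md5)
```

Each hash with at least one non-removed row is returned exactly once, and a hash whose only row has delete_user_id set is left out.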