EDR: How to get raw binary documents via Curl

Article ID: 287889

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Query the EDR server for raw binary document information.

Environment

  • EDR Server: 6.x and higher

Resolution

  1. Log in to the master server via SSH/terminal.
  2. Run this query with the MD5 hash in all uppercase:
     curl 'http://localhost:8080/solr/cbmodules/select?q=md5:<Md5Hash>&rows=5&indent=true' > md5_binary.txt
     Example:
     curl 'http://localhost:8080/solr/cbmodules/select?q=md5:D78B79745706256950D42EFFA5485627&rows=5&indent=true' > D78B79745706256950D42EFFA5485627_binary.txt

Additional Information

  • Common Errors:
    • "The requested resource is not available": Curl command was run on the incorrect server/node.
    • "numFound=0": Incorrect or missing unique id, incorrect server/node, or the MD5 hash is lowercase.
  • Send the resulting text document to Carbon Black's Alliance servers by appending:
    && /usr/share/cb/cbpost /<pathtofile>/<filename.txt>
    Example:
    curl 'http://localhost:8080/solr/cbmodules/select?q=md5:D78B79745706256950D42EFFA5485627&rows=5&indent=true' > D78B79745706256950D42EFFA5485627_binary.txt && /usr/share/cb/cbpost ./D78B79745706256950D42EFFA5485627_binary.txt
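
The script below is an added example, not part of the vendor article. It wraps the query from the Resolution steps so that the hash is validated and uppercased before it reaches the URL, and so that the "numFound=0" and wrong-node cases from Common Errors are reported rather than silently saved. The function names and the numFound formats it looks for (XML attribute or JSON field) are assumptions of this example.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of the product.

# Print the MD5 in the uppercase form the query needs. Fail on anything that
# is not exactly 32 hex characters, so no other text is placed in the URL.
normalize_md5() {
    md5=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    case "$md5" in
        *[!0-9A-F]*) return 1 ;;
    esac
    [ "${#md5}" -eq 32 ] || return 1
    printf '%s\n' "$md5"
}

# Build the query URL exactly as given in the Resolution steps.
build_query_url() {
    printf 'http://localhost:8080/solr/cbmodules/select?q=md5:%s&rows=5&indent=true\n' "$1"
}

# Extract the numFound count from a saved response file.
# Assumption: it appears as numFound="N" (XML) or "numFound":N (JSON).
num_found() {
    sed -n 's/.*numFound"\{0,1\}[=:] \{0,1\}"\{0,1\}\([0-9][0-9]*\).*/\1/p' "$1" | head -n 1
}

# Run the query only when a hash is given as the first argument.
if [ -n "${1:-}" ]; then
    md5=$(normalize_md5 "$1") || { echo "not a 32-character hex MD5: $1" >&2; exit 2; }
    out="${md5}_binary.txt"
    curl -sS "$(build_query_url "$md5")" > "$out" || exit 1
    case "$(num_found "$out")" in
        ''|0) echo "no matching document in $out; check the node and the hash" >&2; exit 3 ;;
        *) echo "saved $out" ;;
    esac
fi
```

An empty numFound result covers the "The requested resource is not available" case, where the saved file holds an error page instead of a Solr response.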