CB Response: How to get the total number of unique binaries seen over a time period

Article ID: 288100

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

This article describes how to get the total number of unique binaries seen by the CB Response cluster over a specific number of days.

Environment

  • CB Response Server: 6.x

Resolution

  1. Log on to the command line of the master server.
  2. Run:
# curl "http://localhost:8080/solr/cbmodules/select?q=server_added_timestamp%3A%5BNOW-15DAYS+TO+*%5D&wt=xml&indent=true&rows=0"
Example output:
<?xml version="1.0" encoding="UTF-8"?>
<response>

<lst name="responseHeader">
  <int name="status">0</int>
  <int name="QTime">850</int>
  <lst name="params">
    <str name="q">server_added_timestamp:[NOW-15DAYS TO *]</str>
    <str name="indent">true</str>
    <str name="rows">0</str>
    <str name="wt">xml</str>
  </lst>
</lst>
<result name="response" numFound="234279" start="0">
</result>
</response>

Additional Information

  • The resulting number ("numFound") is the number of unique binaries seen by the cluster over the specified timespan.
  • Replace -15DAYS with another value (e.g., -30DAYS) to widen the timespan.
  • CB Response Cloud customers should open a support case and request this information.
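
The query above, wrapped in a script that takes one or more day counts as arguments and prints only the numFound value for each window. This is an added example, not vendor-supplied code; the function names and the sample response are constructed for illustration, and the endpoint is the one shown in the Resolution section.

```shell
#!/bin/sh
# Added example (not vendor code). Endpoint taken from the article;
# function names below are hypothetical.
SOLR_BASE="http://localhost:8080/solr/cbmodules/select"

# Build the query URL for the last N days.
# Only a positive integer is accepted, so no other text can reach the Solr query.
build_url() {
    case "$1" in
        ''|*[!0-9]*|0*) echo "days must be a positive integer" >&2; return 1 ;;
    esac
    printf '%s?q=server_added_timestamp%%3A%%5BNOW-%sDAYS+TO+*%%5D&wt=xml&indent=true&rows=0\n' \
        "$SOLR_BASE" "$1"
}

# Read a Solr XML response on stdin and print the numFound attribute.
parse_num_found() {
    n=$(sed -n 's/.*<result name="response" numFound="\([0-9][0-9]*\)".*/\1/p' | head -n 1)
    [ -n "$n" ] || { echo "numFound not present in response" >&2; return 1; }
    printf '%s\n' "$n"
}

# Query the local Solr instance once per window and print "N days: count".
count_binaries() {
    for days in "$@"; do
        url=$(build_url "$days") || return 1
        printf '%s days: ' "$days"
        # A failed curl yields empty input, which parse_num_found reports as an error.
        curl -sS --fail "$url" | parse_num_found || return 1
    done
}

# Constructed sample response, same shape as the example output in the article.
SAMPLE_RESPONSE='<?xml version="1.0" encoding="UTF-8"?>
<response>
<lst name="responseHeader">
  <int name="status">0</int>
</lst>
<result name="response" numFound="234279" start="0">
</result>
</response>'

# With arguments (for example: 15 30), run the live queries on the master server.
if [ "$#" -gt 0 ]; then
    count_binaries "$@"
fi
```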