Carbon Black Cloud: How to Live Query sensors for the vendor and product ID of a USB device.

Article ID: 288215

Products

  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

How to Live Query sensors for the vendor and product ID of a USB device?

Environment

  • Carbon Black Cloud Console: v 0.75.0 +
  • Carbon Black Cloud Windows Sensor:  3.8.x +
  • Microsoft Windows: All versions

Resolution

Create a Live Query:
select * from cb_sensor_devices;

The query returns (among others) a row such as the following, shown here one column per line:

  device_id       77854781
  device_name     MyLaptop11
  response        matched
  sensor_msg      (empty)
  device_type     DISK
  drive_letter    E:\
  friendly_name   Apricorn Secure Key 3.0 USB Device
  interface_type  USB
  manufacturer    Apricorn
  model_name      Secure Key 3.0
  product_id      0x1407 (0n5127)
  serial_number   000AA0000502
  vendor_id       0x0984 (0n2436)
  volume_guid     Volume{20848e18-18c1-4d34-8523-39b49c0f0745}
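
The vendor_id and product_id values arrive as text in the form "0x1407 (0n5127)" (hexadecimal, then the same value in decimal). The following added example, which is not part of the original article or of any Carbon Black tooling, parses that format and lists USB devices whose vendor:product pair is not on an approved list. It assumes the query results have been saved as CSV with the column names shown above; the approved list and the second sample row are constructed for illustration.

```python
import csv
import io
import re

# Matches the sensor's "0x1407 (0n5127)" rendering: hex value, then decimal in 0n notation.
ID_RE = re.compile(r"^\s*0x([0-9A-Fa-f]{1,4})\s*\(0n(\d+)\)\s*$")

def parse_usb_id(text):
    """Return the 16-bit ID as an int; raise ValueError if malformed or inconsistent."""
    m = ID_RE.match(text or "")
    if not m:
        raise ValueError(f"unrecognised ID format: {text!r}")
    value = int(m.group(1), 16)
    if value != int(m.group(2)):
        raise ValueError(f"hex and decimal parts disagree: {text!r}")
    return value

def unapproved_usb_devices(csv_text, approved):
    """Return (device_name, 'vid:pid', serial_number) for USB rows not in the approved set."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if (row.get("interface_type") or "").strip().upper() != "USB":
            continue
        try:
            key = "{:04x}:{:04x}".format(parse_usb_id(row["vendor_id"]),
                                         parse_usb_id(row["product_id"]))
        except (KeyError, ValueError):
            key = "unparsed"  # surface rows we cannot classify rather than dropping them
        if key not in approved:
            findings.append((row.get("device_name", ""), key, row.get("serial_number", "")))
    return findings

# Constructed sample: the first row is the one shown on this page, the second is made up.
SAMPLE_CSV = """device_name,interface_type,product_id,serial_number,vendor_id
MyLaptop11,USB,0x1407 (0n5127),000AA0000502,0x0984 (0n2436)
MyLaptop12,USB,0x5678 (0n22136),CONSTRUCTED0001,0x1234 (0n4660)
"""
APPROVED = {"0984:1407"}  # hypothetical allowlist of vendor:product pairs (lowercase hex)

if __name__ == "__main__":
    for name, key, serial in unapproved_usb_devices(SAMPLE_CSV, APPROVED):
        print(f"{name}: unapproved USB device {key} (serial {serial})")
```

Rows whose IDs cannot be parsed are reported as "unparsed" so that a malformed or unexpected value is reviewed rather than silently skipped.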

 

Additional Information

The 'cb_sensor_devices' table is only supported on CBC Windows sensors 3.8.x and above.