App Control: How to view Malicious File Instances via SQL
search cancel

App Control: How to view Malicious File Instances via SQL

book

Article ID: 288534

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

  • Show all file instances with a threat of 'potential risk' or 'malicious' directly in SQL Management Studio

Environment

  • App Control: All Supported Versions

Resolution

Use the following sample SQL query to obtain the file instances
 
use das;
SELECT * from bit9_public.ExFileCatalog FC with (NOLOCK)
JOIN bit9_public.ExFileInstances (NOLOCK) FI on FI.File_Catalog_Id = FC.File_Catalog_Id
where FC.Threat in ('2 - Malicious','1 - Potential risk')
Powered by Wolken Software