CB LiveOps: How to Monitor Changes to Hosts File

Article ID: 288903

Updated On:

Products

Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

Search for changes made to the hosts file

Environment

  • CB PSC Console: All versions
  • CB LiveOps Sensor: All versions
  • Microsoft Windows: All supported versions
  • Apple macOS: All supported versions
  • Linux: All supported versions

Resolution

  1. Navigate to LiveQuery > New Query
  2. Select the SQL Query tab
  3. Query the etc_hosts table; only changes will be reported
    select * from etc_hosts
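
A narrower variant of the query in step 3, added here as an example and not part of the original article: it hides stock hosts entries and attaches the hosts file's modification time and SHA-256 to each remaining row so results can be compared between runs. It assumes the standard osquery `file` and `hash` tables are available to LiveQuery and that the hosts file is at its default path; the baseline of stock entries is constructed and should be adjusted to your own images.

```sql
-- Added example, not from the original article.
-- Assumes the standard osquery `file` and `hash` tables and default hosts paths.
WITH hosts_file AS (
  SELECT f.path,
         datetime(f.mtime, 'unixepoch') AS modified_utc,
         h.sha256
  FROM file AS f
  JOIN hash AS h ON h.path = f.path
  WHERE f.path IN ('/etc/hosts',
                   'C:\Windows\System32\drivers\etc\hosts')
)
SELECT e.address,
       e.hostnames,
       hf.path AS hosts_path,
       hf.modified_utc,
       hf.sha256
FROM etc_hosts AS e
-- LEFT JOIN keeps the hosts entries even if the file metadata lookup returns nothing.
LEFT JOIN hosts_file AS hf ON 1 = 1
-- Constructed baseline of stock entries; extend it to match your own builds.
-- A loopback address mapped to any other name is kept on purpose, because it
-- redirects that name to the local machine and is worth reviewing.
WHERE NOT (
  (e.address IN ('127.0.0.1', '::1') AND e.hostnames = 'localhost')
  OR (e.address = '255.255.255.255' AND e.hostnames = 'broadcasthost')
)
ORDER BY e.address;
```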

Additional Information

  • The etc_hosts table is available on Mac, Windows, and Linux
  • There is also a Recommended query titled "IT_Hygeine" that will return hosts file modifications