Solutions
Device management
Remotely manage, and protect laptops and mobile devices.
Orchestration
Automate tasks across devices, from app installs to scripts.
Software management
Inventory, patch, and manage installed software.
Extend Fleet
Integrate your favorite tools with Fleet.
Customers
Stripe + Fleet
Stripe consolidates multiple tools with Fleet.
Foursquare + Fleet
Foursquare quickly migrates to Fleet for device management.
What people are saying
Stories from the Fleet community.
Pricing
More
Tables
Fleet uses osquery tables to query operating system, hardware, and software data. Each table provides specific data for analysis and filtering.
Apple
Linux
Windows
ChromeOS
carbon_black_info
carbon_black_info
Returns info about a Carbon Black sensor install.
| Column | Type | Description |
|---|---|---|
| binary_queue | integer | Size in bytes of binaries waiting to be sent to Carbon Black server |
| collect_cross_processes | integer | If the sensor is configured to cross process events |
| collect_data_file_writes | integer | If the sensor is configured to collect non binary file writes |
| collect_emet_events | integer | If the sensor is configured to EMET events |
| collect_file_mods | integer | If the sensor is configured to collect file modification events |
| collect_module_info | integer | If the sensor is configured to collect metadata of binaries |
| collect_module_loads | integer | If the sensor is configured to capture module loads |
| collect_net_conns | integer | If the sensor is configured to collect network connections |
| collect_process_user_context | integer | If the sensor is configured to collect the user running a process |
| collect_processes | integer | If the sensor is configured to process events |
| collect_reg_mods | integer | If the sensor is configured to collect registry modification events |
| collect_sensor_operations | integer | Unknown |
| collect_store_files | integer | If the sensor is configured to send back binaries to the Carbon Black server |
| config_name | text | Sensor group |
| event_queue | integer | Size in bytes of Carbon Black event files on disk |
| log_file_disk_quota_mb | integer | Event file disk quota in MB |
| log_file_disk_quota_percentage | integer | Event file disk quota in a percentage |
| protection_disabled | integer | If the sensor is configured to report tamper events |
| sensor_backend_server | text | Carbon Black server |
| sensor_id | integer | Sensor ID of the Carbon Black sensor |
| sensor_ip_addr | text | IP address of the sensor |
Example
See systems running Carbon Black but which have protection disabled.
SELECT * FROM carbon_black_info WHERE protection_disabled='1';Questions?
SOC2 Type 2
