Fleet logo
Menu An icon indicating that interacting with this button will open the navigation menu.
Fleet logo An 'X' icon indicating that this can be interacted with to close the navigation menu.
Multi platform
Device management + MDM Orchestration + monitoring Software management + CVEs, usage, software catalog Integrations
Docs Pricing
More
News Case studies Ask around Meetups Share your story
The handbook Get your license Schedule a demo
Try it yourself

Tables

Fleet uses osquery tables to query operating system, hardware, and software data. Each table provides specific data for analysis and filtering.

macOS Apple

Linux Linux

Windows Windows

Chrome ChromeOS

carbon_black_info

click to open the table of contents
macOS logo Windows logo Linux logo

carbon​_black​_info

Returns info about a Carbon Black sensor install.

Column Type Description
binary_queue integer Size in bytes of binaries waiting to be sent to Carbon Black server
collect_cross_processes integer If the sensor is configured to cross process events
collect_data_file_writes integer If the sensor is configured to collect non binary file writes
collect_emet_events integer If the sensor is configured to EMET events
collect_file_mods integer If the sensor is configured to collect file modification events
collect_module_info integer If the sensor is configured to collect metadata of binaries
collect_module_loads integer If the sensor is configured to capture module loads
collect_net_conns integer If the sensor is configured to collect network connections
collect_process_user_context integer If the sensor is configured to collect the user running a process
collect_processes integer If the sensor is configured to process events
collect_reg_mods integer If the sensor is configured to collect registry modification events
collect_sensor_operations integer Unknown
collect_store_files integer If the sensor is configured to send back binaries to the Carbon Black server
config_name text Sensor group
event_queue integer Size in bytes of Carbon Black event files on disk
log_file_disk_quota_mb integer Event file disk quota in MB
log_file_disk_quota_percentage integer Event file disk quota in a percentage
protection_disabled integer If the sensor is configured to report tamper events
sensor_backend_server text Carbon Black server
sensor_id integer Sensor ID of the Carbon Black sensor
sensor_ip_addr text IP address of the sensor

Example

See systems running Carbon Black but which have protection disabled.

SELECT * FROM carbon_black_info WHERE protection_disabled='1';
Edit page

Questions?

Ask us anything
{{table.title}} evented table