The ExFileCatalog view provides access to the metadata for all unique hashes of files discovered on your computers.
To see this file data as it is displayed in the console, click Assets > Files in the console menu and then click the File Catalog tab.
| Field Name |
Data Type | Special Values | Comments |
|---|---|---|---|
|
|
int |
|
Primary Key |
|
|
int |
|
Prevalence of this file – number of computers that currently have this file |
|
|
datetime |
|
Date and time when this file was first created |
|
|
bigint |
|
Size of this file in bytes |
|
|
varchar |
Application, Package, Script File, Supporting File, Other, Unknown, Unrecognized Executed File |
Type of this file |
|
|
char |
|
MD5 hash of this file |
|
|
char |
|
SHA1 hash of this file |
|
|
char |
|
SHA256 hash of this file (see Sha256_Hash_Type for interpretation of this field) |
|
|
int |
5 = regular hash 6 = MSI fuzzy hash |
Type of the Sha256_Hash. |
|
|
int |
|
Foreign key into ExComputers table for computer on which the file was first seen |
|
|
nvarchar |
|
File name where this file was first seen on any computer |
|
|
nvarchar |
|
Path where this file was first seen on any computer. Uses the path delimiter for the OS of the first-seen computer. |
|
|
nvarchar |
|
Product name of this file |
|
|
nvarchar |
|
Product version of this file |
|
|
nvarchar |
|
Publisher of this file (if file is signed with certificate) |
|
|
nvarchar |
Approved, Approved by Policy, Unapproved, Banned, Banned by Policy |
State of this publisher (if available); “none” for unsigned files |
|
|
nvarchar |
Manual, Reputation, Imported, External (API), Unknown |
Reason the file’s publisher is approved |
|
|
nvarchar |
|
Publisher (if available) or Company name (if no publisher info) of this file |
|
|
nvarchar |
|
Company name of this file |
|
|
nvarchar |
|
If this file was an installer, the name of its installed program (that is, its name on the Add/Remove Programs page in Windows). No value for macOS or Linux files. |
|
|
int |
-1 = unknown [0 – 10] valid values |
Trust of this file; maximum=10 |
|
|
nvarchar |
|
More information associated with this file’s trust |
|
|
nvarchar |
0 - Clean, 1 - Potential risk, 2 - Malicious, Unknown |
Threat level of this file |
|
|
nvarchar |
|
Category of this file |
|
|
nvarchar |
Unapproved, Approved, Banned, Approved by Policy, Banned by Policy, Mixed |
Effective global file state for this file |
|
|
nvarchar |
Unapproved, Approved, Banned, Approved by Policy, Banned by Policy, Mixed |
Global file state for this file |
|
|
nvarchar |
Comma-separated combination of one or more of the following: Installer,Not installer (Override), Installer (Override), Report Only Ban |
Global file flags for this file |
|
|
nvarchar |
Manual, Trusted Directory, Reputation, Imported, External (API), Unknown |
Reason for the approval state of this file |
|
|
varchar |
Yes, No |
Was this file approved because of its file or publisher Trust and Threat ratings in CB Reputation |
|
|
varchar |
Yes, No |
Is reputation-based approval is enabled for this file |
|
|
char |
|
Carbon Black App Control-proprietary hash that provides unique identifier for this certificate. |
|
|
nvarchar |
Unapproved, Approved, Banned, Approved by Policy, Banned by Policy |
Global State of the certificate for this file. Invalid certificates are Unapproved in this field. Unsigned certificates are null. |
|
|
nvarchar |
Manual, External (API) |
State reason of the certificate (same as Publisher State Reason) |
|
|
nvarchar |
|
Extension of first seen file with this hash |
