| Key | Description | Example |
|---|---|---|
| cb_version | Carbon Black EDR server version. | 5.0.0.140204.501 |
| copied_mod_len | Number of bytes collected. | 73544 |
| endpoint | Hostname and sensor ID of the endpoint on which the binary was first observed. | [PANTHER\|2] |
| group | First sensor group in which this binary was observed. | [Default Group] |
| digsig_issuer | If digitally signed, the issuer. | VeriSign Class 3 Code Signing 2010 CA |
| digsig_publisher | If digitally signed, the publisher. | Google Inc |
| digsig_result | If digitally signed, the result. Contains one of the following eight possible values: | Signed |
| digsig_result_code | Internal use. | 0 |
| digsig_sign_time | If digitally signed, the time of signing. | 2015-02-02T04:42:00Z |
| digsig_subject | If digitally signed, the subject. | Google Inc |
| is_executable_image | True if the binary is an EXE (versus DLL or SYS). | True |
| is_64bit | True if the architecture is x64. | True |
| md5 | MD5 hash value of the process, the parent process, a child process, a loaded module, or a written file. | 44C0CBADFF00F3930B6A01EEAA405C6F |
| sha256 | SHA-256 hash value of the process, the parent process, a child process, a loaded module, or a written file. | 1123a659bc80def22859f36719ed30618589c4b50abc17def38ff7eed913721 |
| observed_filename | Full path to the executable backing this process. | c:\program files(x86)\google\chrome\application\wow_helper.exe |
| orig_mod_len | Size, in bytes, of the binary at time of collection. | 73544 |
| os_type | Operating system type of the host. | Windows |
| server_added_timestamp | The time that this binary was first seen by the server. | 2014-02-04T07:50:56.917Z |
| server_name | Name of the Carbon Black EDR server. | edrserver |
| signed | Internal use. | Signed |
| timestamp | Time that the binary was seen. | 2014-02-04T07:50:56.917Z |
| watchlist_name | Name of the watchlist that matched this binary. | SyslogTest |
| watchlists | All watchlists that matched this binary. | [{'wid': '5', 'value': '2014-02-04T07:55:03.007Z'}] |
| watchlist_<id> | For each watchlist that matched this binary, the timestamp of the match. | '2014-02-04T07:55:03.007Z' |
| file_version | File version string from the class FileVersionInfo. | |
| product_name | Product name string from the class FileVersionInfo. | |
| company_name | Company name string from the class FileVersionInfo. | |
| internal_name | Internal name string from the class FileVersionInfo. | |
| original_filename | Original name string from the class FileVersionInfo. | |
| file_desc | File description string from the class FileVersionInfo. | |
| product_desc | Product description string from the class FileVersionInfo. | |
| comments | Comment string from the class FileVersionInfo. | |
| legal_copyright | Legal copyright string from the class FileVersionInfo. | |
| legal_trademark | Legal trademark string from the class FileVersionInfo. | |
| private_build | Private build string from the class FileVersionInfo. | |
| special_build | Special build string from the class FileVersionInfo. | |
| product_version | Product version string from the class FileVersionInfo. | |