Carbon Black EDR sensors begin tracking binaries when they are executed by a process. You can perform a binary search to explore the metadata of a binary.

You can enter keyword searches or pre-defined search criteria in the Search box at the top of the page. As you enter search criteria, the correct syntax is displayed. The search not only auto-completes your criteria but estimates results as well.

If you do not enter any search criteria, the system runs a search with *.*, which includes every binary that has executed in your environment. The results appear with a single instance of each binary and its metadata. Each binary is identified by its MD5 hash value.

Procedure

  1. On the navigation bar, click Binary Search.
  2. In the Search box, enter a search string (formatted with the correct syntax) or click Add Criteria to display predefined search criteria options:

    If you select a search criteria option, you must specify details for that option. For example, if you select the OS Type option, you must select one or more OS types for this search and then click Update.

    If you add multiple search criteria fields, they are combined using an AND operator.

  3. When you finish entering search criteria, click Search.
    Search results appear in a series of facets and graphs together with a Binary Search Results table.
    Note: For detailed information about using queries, see Advanced Search Queries.