The Carbon Black EDR console lets you choose criteria for searches of processes, binaries, alerts, and threat reports. This section describes how to construct complex queries.

The fields, field types, and examples in this section focus on queries to search for processes and binaries, but most of the syntax descriptions also apply to alerts and threat reports.