Skip to main content
Skip table of contents

Watchlist Hit : Binary Storage

Vendor Documentation

https://www.carbonblack.com/products/endpoint-detection-and-response/

Classification

Rule Name

Rule Type

Common Event

Classification
Watchlist Hit : Binary StorageBase RuleWatchlist HitActivity
Watchlist Hit : Unsigned Binary StorageSub RuleWatchlist HitActivity
Watchlist Hit : Signed Binary StorageSub RuleWatchlist HitActivity

Mapping with LogRhythm Schema

Device Key in Log MessageLogRhythm SchemaData Type
publisher/issuer<subject>Text/String
digsig_result<result>Text/String
digsig_result<tag1>Text/String
endpoint<dname>Text/String
file_version<version>Number
group<group>Text/String
md5<objectname>Text/String
md5<hash>Text/String
observed_filename<process>Text/String
original_filename<object>Text/String
watchlist_name<vmid>Text/String
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close