17 March 2022

Identify Machines a User is Logged Into using Carbon Black

If you have Carbon Black in your environment, you can use it to identify which machines a user account is logged into. Carbon Black collects a vast amount of data on machines and reports it to the cloud database. The following is how to use Carbon Black to list the machines:
  1. Log into the Carbon Black Cloud Portal
  2. Click the Investigate tab
  3. In the investigate search field at the top, enter the following: 
    1. Enter process_username:<username> in the search field at the top. <username> needs to be changed to the actual username you are searching for.
    2. Change the time field to the right to within one day or less
    3. Click the magnifying glass on the far right to search. 
  4. Under the filters field, scroll down to Device and it will show a list of devices the profile is currently logged into. 
As you can see in the screenshot under devices, it returned two machines my profile was logged into. 


Post a Comment