
When performing a search on ATP 3.x or SEDR 4.0, the search term gets cut into two queries


Article ID: 170638


Updated On:


Endpoint Detection and Response, Advanced Threat Protection Platform


You are attempting to search for an item in the Advanced Threat Protection 3.0 Entity, Endpoint or other searches. When you type or paste in an uppercase value that contains AND or OR anywhere in it, the search gets broken up into two queries. If you specified a field to search, it gets broken up into that field and a separate query for the characters after the AND or OR.



ATP 3.x: device_name: JNOLANDPC gets parsed as device_name: JHOAGLANDP query: PC

SEDR 4.0: device_name: CLIENTANDOVER gets parsed as device_name: CLIENTAND Multi Column: OVER


This will be addressed in a future version of the SEDR Appliance software. Until then, the solution is to only search with lowercase terms, since Entity searches are not case sensitive.
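
The following pre-check is an added example, not part of the original article or of the product. It flags search terms that would hit this behavior and returns the lowercase form described in the workaround. The function names and sample hostnames are hypothetical, and it assumes the split is triggered by the uppercase substrings AND or OR anywhere in the value, as described above.

```python
import re

# Assumption: the split is triggered by the case-sensitive substrings
# "AND" / "OR" anywhere in the value, as the article describes.
_OPERATOR = re.compile(r"AND|OR")

# "field: value" form as shown in the article (lowercase field, colon, space).
# Requiring whitespace after the colon keeps URLs and MAC addresses intact.
_FIELD_TERM = re.compile(r"^([a-z_]+):\s+(.*)$")


def split_field(term):
    """Return (field, value); field is None when the term is a bare value."""
    match = _FIELD_TERM.match(term.strip())
    if match:
        return match.group(1), match.group(2).strip()
    return None, term.strip()


def check_term(term):
    """Return (affected, operators_found, safe_term) for one search term."""
    field, value = split_field(term)
    hits = _OPERATOR.findall(value)
    # Workaround from the article: search with lowercase terms only.
    safe_value = value.lower()
    safe_term = f"{field}: {safe_value}" if field else safe_value
    return bool(hits), hits, safe_term


if __name__ == "__main__":
    # Constructed sample terms; only the first comes from the article.
    samples = [
        "device_name: CLIENTANDOVER",
        "device_name: ORACLE-DB01",
        "device_name: Android-07",
        "WEB-SRV-02",
    ]
    for term in samples:
        affected, hits, safe = check_term(term)
        status = "SPLIT RISK " + ",".join(hits) if affected else "ok"
        print(f"{term!r:32} {status:18} -> {safe!r}")
```

Running a hostname inventory or indicator list through this check before searching shows which lookups would otherwise return results for only part of the name.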