When performing a search on ATP 3.x or SEDR 4.0, the search term gets cut into two queries


Article ID: 170638


Products

Endpoint Detection and Response
Advanced Threat Protection Platform

Issue/Introduction

You are attempting to search for an item in the Advanced Threat Protection 3.0 Entity, Endpoint or other searches. When you type or paste a value in uppercase that contains AND or OR anywhere in it, the search is broken up into two queries. If you specified a specific field to search, the result is a query on that field plus a separate query for the characters after the AND or OR.
 

Environment

Examples:

ATP 3.x: device_name: JNOLANDPC gets parsed as device_name: JHOAGLANDP plus query: PC

SEDR 4.0: device_name: CLIENTANDOVER gets parsed as device_name: CLIENTAND plus Multi Column: OVER

Resolution

This will be addressed in a future version of the SEDR Appliance software. Until then, the workaround is to search with lowercase terms only, since Entity searches are not case sensitive.
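To make the defect concrete, the following is a constructed model added for this article (not the ATP/SEDR parser): a splitter that treats AND/OR as substrings anywhere in a value, beside one that only treats a standalone token as an operator, plus a check for values the bug would cut and the lowercase workaround from the Resolution.

```python
import re
from typing import Callable, List, Tuple

# Constructed, simplified model of the defect (not the ATP/SEDR code):
# the boolean operators AND / OR are matched as substrings anywhere in the
# text, so an uppercase value such as CLIENTANDOVER is cut into two queries.
OPERATOR_SUBSTRING = re.compile(r"(?:AND|OR)")
# Corrected behaviour: an operator must be a whole, whitespace-delimited
# token, so uppercase letters inside a value are left alone.
OPERATOR_TOKEN = re.compile(r"\s+(?:AND|OR)\s+")


def split_buggy(query: str) -> List[str]:
    """Buggy split: breaks on AND/OR wherever they occur, even inside a word."""
    return [p.strip() for p in OPERATOR_SUBSTRING.split(query) if p.strip()]


def split_fixed(query: str) -> List[str]:
    """Fixed split: only a standalone AND / OR token separates sub-queries."""
    return [p.strip() for p in OPERATOR_TOKEN.split(query) if p.strip()]


def parse(query: str, splitter: Callable[[str], List[str]]) -> List[Tuple[str, str]]:
    """Map each sub-query to (field, value); text without a field becomes a 'query' term."""
    parsed = []
    for part in splitter(query):
        field, sep, value = part.partition(":")
        parsed.append((field.strip(), value.strip()) if sep else ("query", part))
    return parsed


def affected_values(query: str) -> List[str]:
    """Values the buggy splitter would cut but the fixed one would keep intact."""
    return [v for _, v in parse(query, split_fixed) if OPERATOR_SUBSTRING.search(v)]


def lowercase_workaround(query: str) -> str:
    """Apply the article's workaround: lowercase the search values while keeping
    field names and standalone operators as typed (Entity searches ignore case)."""
    pieces = OPERATOR_TOKEN.split(query)
    operators = OPERATOR_TOKEN.findall(query)
    out = []
    for i, piece in enumerate(pieces):
        field, sep, value = piece.partition(":")
        out.append(f"{field}:{value.lower()}" if sep else piece.lower())
        if i < len(operators):
            out.append(operators[i])
    return "".join(out)
```

Running `affected_values` over a query before submitting it flags exactly the terms that need the lowercase workaround, while `lowercase_workaround` rewrites them without touching an intended `AND`/`OR` between fields.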