ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
When performing a search on ATP 3.x or SEDR 4.0, the search term gets cut into two queries
Article ID: 170638
Updated On:
Products
Endpoint Detection and Response
Advanced Threat Protection Platform
Issue/Introduction
You are attempting to search for an item in the Advanced Threat Protection 3.0 Entity, Endpoint or other searches. When you type or paste in a value in uppercase where an AND or an OR is anywhere in the value, the search gets broken up into two queries or if you specified a specific field to search, that field and a query for the characters after the AND or OR.
Environment
Example:
ATP 3.x device_name: JNOLANDPC get parsed as device_name: JHOAGLANDPquery: PC
SEDR 4.0: device_name: CLIENTANDOVER gets parsed as device_name: CLIENTANDMulti Column: OVER
Resolution
This will be addressed in a future version of the SEDR Appliance software. Until then, the solution is to only search with lowercase terms, since Entity searches are not case sensitive.
Feedback
Yes
No
Powered by
