DCS Events have Missing Fields for some Registry Value Activity events

Article ID: 208521

Products

Integrated Cyber Defense Exchange ICDx

Issue/Introduction

Some Registry Value Activity events arrive with an empty reg_value_result field, while in other events the field is populated.

  • Some entries have an empty result:

reg_value_result: { 
}

  • While other entries are not empty:

reg_value_result: { 
     data: 0
}

Cause

The Integrated Cyber Defense Exchange (ICDx) software passes along the data it receives from DCS unchanged. The same values are also blank in the DCS database:

  • Empty result from the DCS database:

Old/New Values:  / 

  • Result that is not empty from the DCS database:

Old/New Values:  / 0

Environment

Release : 1.4

Component : DCS collector

Resolution

The Integrated Cyber Defense Exchange (ICDx) software is working as designed and is passing along the data that it is receiving from DCS.
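When consuming these events downstream, an empty reg_value_result has to be kept distinct from a populated one whose data is 0, since a plain truthiness check treats both the same. The following is an added example, not Broadcom's code: it assumes events are received as newline-delimited JSON, and the `id` key and the sample events are constructed for illustration.

```python
import json

# Constructed sample events. Only reg_value_result and its data key come from
# the article; the "id" key is a hypothetical label for this example.
SAMPLE_EVENTS = """
{"id": "evt-1", "reg_value_result": {}}
{"id": "evt-2", "reg_value_result": {"data": 0}}
{"id": "evt-3", "reg_value_result": {"data": ""}}
{"id": "evt-4"}
"""

_MISSING = object()  # sentinel: distinguishes "no data key" from data == 0 / ""


def classify(event):
    """Return (state, value) for the reg_value_result of one event dict."""
    result = event.get("reg_value_result", _MISSING)
    if result is _MISSING or result is None:
        return ("field_absent", None)
    if not isinstance(result, dict):
        return ("malformed", result)
    data = result.get("data", _MISSING)
    if data is _MISSING:
        # Matches the article's empty case: DCS supplied no value.
        return ("empty_at_source", None)
    # A present value is kept as-is, even when falsy (0, "").
    return ("populated", data)


def classify_stream(text):
    """Classify newline-delimited JSON events; returns {id: (state, value)}."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if line:
            event = json.loads(line)
            out[event["id"]] = classify(event)
    return out


if __name__ == "__main__":
    for event_id, verdict in classify_stream(SAMPLE_EVENTS).items():
        print(event_id, *verdict)
```

Detection rules that compare registry values should skip or separately flag the `empty_at_source` state instead of defaulting it to 0.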