Endpoint searches return a "400 bad request" when using the not equals operator
search cancel

Endpoint searches return a "400 bad request" when using the not equals operator

book

Article ID: 251879

calendar_today

Updated On:

Products

Endpoint Detection and Response

Issue/Introduction

When performing an Endpoint search using the not equals operator (i.e. -path:"C:\\test"), a "400 bad request" is returned.

Resolution

The "not equals" is not a supported query parameter for Endpoint searches.  EDR validates query parameters and will report an error when unsupported characters are used.

Powered by Wolken Software