Reasons to collect a Process Document for troubleshooting
Article ID: 284792

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Reasons to collect a Process Document for troubleshooting and the steps to collect the data

Environment

  • EDR Server: All Versions

Resolution

  1. Search not returning as expected.
    • Example: Search is hitting on a negated child_proc
    • Example: Watchlist search did not get a hit, but a process was found that matches
    • Example: Search is hitting with an Unknown Process
    Data to collect:
      1. Provide the query being run
      2. CbDiags
      3. Raw Process Document
  2. Process is missing expected event information.
    • Example: Process is missing expected netconn events
    • Example: When a process is selected from the search page, the event is not found
    Data to collect:
      1. CbDiags
      2. Raw Process Document
  3. Any type of event delay between EDR sensors and the EDR Server.

Additional Information