CB ThreatHunter: How to search using the ampersand special character
search cancel

CB ThreatHunter: How to search using the ampersand special character

book

Article ID: 285152

calendar_today

Updated On:

Products

Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

The objective of this article is to provide the appropriate syntax to successfully query data on the investigate page leveraging the ampersand special character

Environment

  • CB ThreatHunter Web Console: All Versions
  • CB PSC Sensor: 3.4.x.x and higher
  • Microsoft Windows: All Supported Versions

Resolution

  1. Login to the CB ThreatHunter web console
  2. Navigate to the Investigate page
  3. Select the search bar and enter the desired query syntax. The below query is simply an example displaying how to properly utilize the ampersand character within a given search query:
process_cmdline:&*