CB Response: Why Are Hostnames Seen In Binary Searches That Are Outside of Users' Viewing Permissions?
search cancel

CB Response: Why Are Hostnames Seen In Binary Searches That Are Outside of Users' Viewing Permissions?

book

Article ID: 287309

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

When viewing the results of a binary search, users that don't have access to specific sensor groups will still see results related to the hostnames of the sensors in those restricted sensor groups.

Environment

  • CB Response Server: 6.3.0 and Higher

Resolution

This behavior is by design: while the user is unable to access those sensors, the user should still be able to see a list of hosts in the environment to know how prevalent the binary is and if this needs to go to a higher up in regards to a possible attack. 
 
Powered by Wolken Software