Hosted EDR: Are there instructions to provide customers in collecting a processes unique ID?
search cancel

Hosted EDR: Are there instructions to provide customers in collecting a processes unique ID?

book

Article ID: 287314

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Is there a document that demonstrates how to collect a process unique ID from the process analysis page? 

Environment

  • Hosted EDR (formerly CB Response Cloud) Server/Cluster: All supported versions

Resolution

  1. Log into the console.
  2. Perform your search and click the process to bring you to the Process Analysis page.
  3. In the Process Analysis page grab the Unique ID (highlighted in red) from the browser URL 
https://<server>/#/analyze/00000007-0000-24c8-01d4-6cab54141c72/1540927207635?cb.legacy_5x_mode=false
  1. Provide the unique ID in a comment to the support case

Additional Information

If collecting from a clustered environment the process above will need to be ran from the minion the sensor is connected that created the event/alert
Powered by Wolken Software