Carbon Black Cloud: TTP AMSI_PROCESS_INJECTION not shown in Alerts Page
Article ID: 287483
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
The TTP AMSI_PROCESS_INJECTION is not shown on the Alerts page, but it can be seen in the related events on the Investigate page.
Environment
- Carbon Black Cloud Console: All supported versions
- Carbon Black Cloud Windows Sensor: 3.6 and Higher
- Microsoft Windows 10 1703 and Higher
- Microsoft Windows Server 2016: Version 1709 and Higher
Cause
The Alerts page and the Investigate page do not draw on exactly the same data sources, which causes the difference in the TTPs presented.
Resolution
This is working as currently designed and will be improved by a new design in a future release.