EDR: Unable to View Fileless Scriptload Events

Article ID: 287977

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Unable to view Fileless Scriptload behavior after enabling the collection in the sensor group settings.

Environment

  • EDR Console: 7.2 and Higher
  • EDR Sensor: 7.1.0 and Higher
  • Microsoft Windows: All Supported Versions

Cause

Fileless Scriptload events are only captured via the raw sensor exchange data in the cb-event-forwarder and pushed to a SIEM.

Resolution

At this time, the events are not viewable in the console. This feature is tentatively slated for the 7.5.0 server release.