CB Response: How to see most common processes on an endpoint using the web interface
Article ID: 288045
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
Use the CB Response web interface to determine which processes most commonly occur on a specific endpoint.
Resolution
- Log in to the CB Response web interface.
- Click Process Search.
- Set the time interval to cover the period you want to examine.
- Search on all events by hostname. Search on:
  hostname:<hostname>
  Example:
  hostname:JanetWindowsComputer
- Use the facets on the left to see what the most common processes are.
Additional Information
- Optionally, you can limit the results to process events that include network connections (netconns) by using:
  hostname:<hostname> AND netconn_count:[1 TO *]
- Use ingress filtering to remove safe or unwanted process events.