EDR: How to export events associated with a process
Article ID: 288053
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
To download an exported list of all events (filemods, netconns, etc) associated with a specific event.
Environment
- EDR (CB Response): 6.x+
Resolution
- Log into the CB Response web interface.
- Use the Process Search or Watchlist page to search for the relevant event.
- Click on the relevant process to see the Process Analysis page.
- Click the blue Actions button (upper right corner) > Export Events
Additional Information
The resulting file is a zip containing CSV and/or JSON exports of all the relevant netconns, filemods, etc for the selected process.
Feedback
Yes
No
Powered by
