Cb ThreatHunter: When using wildcards in Investigate no data is returned
search cancel

Cb ThreatHunter: When using wildcards in Investigate no data is returned

book

Article ID: 288143

calendar_today

Updated On:

Products

Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

  • When using wildcards is a \ in Investigate no data is returned 
Example: 
process_name: system32\*

Environment

  • Cb ThreatHunter PSC Console: All Versions

Cause

\ is an escape character for special characters, so the search is looking for the literal string system32*

Resolution

  1. Use process_name: system32
  2. Or use process_name: system32\\*
Powered by Wolken Software