Cb ThreatHunter: When using wildcards in Investigate no data is returned
Article ID: 288143
Products
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
- When using wildcards with a \ in Investigate, no data is returned
Example:
process_name: system32\*
Environment
- Cb ThreatHunter PSC Console: All Versions
Cause
\ is the escape character for special characters, so \* is treated as a literal asterisk and the search looks for the literal string system32*
Resolution
- Use process_name: system32
- Or use process_name: system32\\*
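A saved hunt query with this mistake returns nothing without raising an error, so it is worth linting queries before they are stored. The following is an added example, not Carbon Black code: the function names are hypothetical, and it assumes only the rule stated above (a \ escapes the character that follows) and handles only the * wildcard.

```python
import re

# A run of one or more backslashes immediately followed by '*'.
_BACKSLASHES_THEN_STAR = re.compile(r'(\\+)\*')


def find_escaped_wildcards(query):
    """Return the offsets of every '*' that is escaped into a literal.

    Backslashes pair up left to right: an even run is all literal
    backslashes and leaves '*' active; an odd run leaves one backslash
    over, which escapes the '*'.
    """
    return [m.end() - 1
            for m in _BACKSLASHES_THEN_STAR.finditer(query)
            if len(m.group(1)) % 2 == 1]


def fix_query(query):
    """Add one backslash to each odd run so the '*' is a wildcard again.

    Assumption: the author meant a wildcard. That is safe for
    process_name values, since Windows file names cannot contain '*'.
    """
    def repair(match):
        run = match.group(1)
        if len(run) % 2 == 1:
            run += '\\'
        return run + '*'
    return _BACKSLASHES_THEN_STAR.sub(repair, query)


def build_prefix_query(field, path_fragment):
    """Build 'field:<fragment>*', treating each '\\' in fragment as literal."""
    escaped = path_fragment.replace('\\', '\\\\')
    return field + ':' + escaped + '*'


if __name__ == '__main__':
    # Constructed sample queries: the failing one from this article and the fix.
    for q in (r'process_name: system32\*', r'process_name: system32\\*'):
        print(q, '->', find_escaped_wildcards(q), '->', fix_query(q))
```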