Cb Response: Unable to find an event in Process Analysis by ipport


Article ID: 288147


Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

A process search query finds a process with a particular ipport, but the matching event cannot be found in the console after moving to Process Analysis.

Environment

  • Cb Response Server: 6.x

Cause

There is no way to find the event for a destination port via a query in Process Analysis. The ipport field is indexed, but it is not stored as its own field; it is part of the netconn event.

Resolution

You can:
  1. Pull the doc from the API
  2. Search the process doc for the event with the desired ipport
or
  1. Pull the doc from Solr directly
  2. Search the process doc for the event with the desired ipport
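
One way to do step 2 once the process doc has been pulled, as an added example that is not part of the original article or the vendor's code. It assumes the pipe-delimited netconn_complete layout of the v1 process event API (time|ip as signed 32-bit integer|port|protocol|domain|outbound); the sample document is constructed and the function name netconns_for_port is hypothetical.

```python
import ipaddress

# Constructed sample process document (not real telemetry). Assumed layout:
# pipe-delimited netconn_complete entries from the v1 process event API,
# time|ip (signed 32-bit int)|port|protocol|domain|outbound
SAMPLE_DOC = {
    "process": {
        "process_name": "example.exe",
        "netconn_complete": [
            "2020-01-01 10:00:00.000000|-1062731519|443|6|intranet.example.test|true",
            "2020-01-01 10:00:05.000000|167772165|53|17||true",
            "2020-01-01 10:01:00.000000|-889163510|443|6|www.example.test|false",
            "truncated|entry",
        ],
    }
}

PROTOCOLS = {6: "tcp", 17: "udp"}


def netconns_for_port(doc, port):
    """Return the parsed netconn events in a process doc that use `port`."""
    hits = []
    for raw in doc.get("process", {}).get("netconn_complete") or []:
        fields = raw.split("|")
        if len(fields) != 6:
            continue  # entry does not match the assumed layout
        timestamp, ip, event_port, proto, domain, outbound = fields
        try:
            if int(event_port) != port:
                continue
            hits.append({
                "timestamp": timestamp,
                # signed 32-bit integer -> dotted quad
                "ip": str(ipaddress.IPv4Address(int(ip) & 0xFFFFFFFF)),
                "port": int(event_port),
                "protocol": PROTOCOLS.get(int(proto), proto),
                "domain": domain,
                "direction": "outbound" if outbound == "true" else "inbound",
            })
        except ValueError:
            continue  # non-numeric ip, port or protocol field
    return hits


if __name__ == "__main__":
    for event in netconns_for_port(SAMPLE_DOC, 443):
        print(event)
```

If the doc you pulled stores netconn events in a different layout, only the field-splitting lines need to change; the port comparison stays the same.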