Enterprise EDR: cbapi process call only returning up to 500 hits where previous version returned up to 10,000 hits
Article ID: 288207
Products
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
This script used to return up to 10,000 hits using cbapi 1.6.x:
from cbapi.psc.threathunter import *
cb = CbThreatHunterAPI()
query = cb.select(Process).where("process_name:chrome.exe")
print(len(query))
The same script returns only up to 500 hits using cbapi 1.7.0.
Environment
- Enterprise EDR: All versions
- CBAPI: 1.6.x
- CBAPI: 1.7.0
- CBAPI: 1.7.1 and above
Cause
cbapi 1.7.0 upgraded from process search v1 to process search v2, which lowered the default maximum number of returned hits to 500.
Resolution
Upgrade to cbapi 1.7.1, which changed the rows property back to 10,000, making that the default maximum number of hits again.
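The following pre-flight check is an added example, not part of the original article or of cbapi: it maps a cbapi version to the default maximum hits described above and flags a result count that reaches that limit, since such a result may be incomplete. The function names are hypothetical, and treating releases above 1.7.1 as keeping the 10,000 default is an assumption.

```python
from importlib import metadata

def parse_version(text):
    """Turn '1.7.0' into (1, 7, 0); suffixes such as 'rc1' are ignored."""
    parts = []
    for piece in text.split(".")[:3]:
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits or 0))
    return tuple(parts + [0] * (3 - len(parts)))

def default_cap(version):
    """Default maximum hits for a cbapi version, per the article; None if not covered."""
    v = parse_version(version)
    if v[:2] == (1, 6):
        return 10_000
    if v == (1, 7, 0):
        return 500          # process search v2 default
    if v >= (1, 7, 1):
        return 10_000       # assumption: later releases keep the 1.7.1 default
    return None

def assess(version, hit_count):
    """Classify a result count as 'complete', 'possibly-truncated' or 'unknown'."""
    cap = default_cap(version)
    if cap is None:
        return "unknown"
    return "possibly-truncated" if hit_count >= cap else "complete"

def installed_cbapi_version():
    """Version of the locally installed cbapi package, or None if absent."""
    try:
        return metadata.version("cbapi")
    except metadata.PackageNotFoundError:
        return None

if __name__ == "__main__":
    # Constructed sample inputs: (cbapi version, len(query)) pairs.
    for ver, hits in [("1.6.2", 8421), ("1.7.0", 500), ("1.7.1", 8421)]:
        print(ver, hits, assess(ver, hits))
    print("installed cbapi:", installed_cbapi_version())
```

In a hunting script, pass `installed_cbapi_version()` and `len(query)` to `assess()` and treat "possibly-truncated" as a reason to narrow the query before relying on the count.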