EDR: How to create Advanced Process Search Queries

EDR: How to create Advanced Process Search Queries

search cancel

EDR: How to create Advanced Process Search Queries

book

Article ID: 288487

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

How to create Advanced Process Search Queries

Environment

EDR: All supported versions

Resolution

Consult "Chapter 13: Advanced Search Queries" of the CB Response User Guide

Additional Information

The CB Response console provides a check box interface to choose criteria for searches of processes, binaries, alerts, and threat reports. However this chapter describes how to construct more complex queries.
The guide provides more details on terms, operators and fields that can be used to construct queries which can be run across process search, binary search, alerts and threat reports.

Feedback

thumb_up Yes

thumb_down No