Carbon Black Cloud: Local_IP and Remote_IP Are Showing as Opposite in the Events for UDP

Carbon Black Cloud: Local_IP and Remote_IP Are Showing as Opposite in the Events for UDP

search cancel

Carbon Black Cloud: Local_IP and Remote_IP Are Showing as Opposite in the Events for UDP

book

Article ID: 289315

calendar_today

Updated On:

Products

Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

In rare instances the Local_IP belongs to an external computer when Local_IP should represent the local device
The Remote_IP belongs to the local device

Environment

Carbon Black Cloud Sensor: All Supported Versions

Cause

Unknown cause this has been seen in rare instances with UDP

Resolution

Please reach out to support with additional information like frequency as the cause is unknown

Feedback

thumb_up Yes

thumb_down No