EDR: Netconns missed on endpoint
Article ID: 289444
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
A process made multiple netconns, but only one netconn event is captured. Logs from outside Cb Response, such as proxy logs, show these connection attempts.
Environment
- EDR (formerly Cb Response) Server: All Versions
- EDR Sensor: All Versions
- Linux: All Supported Versions
- Microsoft Windows: All Supported Versions
- Proxy exists between Sensor and Server
Cause
This is a known limitation of how the sensor captures data sent through proxies.
Resolution
The sensor does not have the ability to do intelligent stateful packet inspection at the application level like an HTTP proxy server does.