CB Defense: Child Process Hashes Are Not Passed to Splunk Feed

Article ID: 289506

Updated On:

Products

  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

  • Upon review, only parent processes appear to be included in the Splunk feed; child process hashes are not passed.

Environment

  • CB Defense Add-On for Splunk

Cause

  • Known limitation

Resolution

To have both parent and child SHA256 hashes included in the Splunk feed, please feel free to vote for the idea: https://community.carbonblack.com/t5/Idea-Central/Splunk-Feed-Include-both-parent-and-child-SHA256-hashes/idi-p/70553