CB Response: Missing process_path in events forwarded from Mac OS X
book
Article ID: 289615
calendar_today
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
Netconn events on Mac endpoints do not include the process_path when forwarded to a SIEM
Environment
- CB Response Server: All Versions
- CB Response Sensor: 6.x
- CB EventForwarder: All Versions
Cause
Mac sensors send event information with a different header that does not include the process_path
Resolution
- Future work from Carbon Black will add the process_path - CB-26685
- To work around the issue, the process_path can be found in the UI
Feedback
thumb_up
Yes
thumb_down
No