CB Response: Missing process_path in events forwarded from Mac OS X

CB Response: Missing process_path in events forwarded from Mac OS X

search cancel

CB Response: Missing process_path in events forwarded from Mac OS X

book

Article ID: 289615

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Netconn events on Mac endpoints do not include the process_path when forwarded to a SIEM

Environment

CB Response Server: All Versions
CB Response Sensor: 6.x
CB EventForwarder: All Versions

Cause

Mac sensors send event information with a different header that does not include the process_path

Resolution

Future work from Carbon Black will add the process_path - CB-26685
To work around the issue, the process_path can be found in the UI

Feedback

thumb_up Yes

thumb_down No