CB Response: Process queries with binary joins incorrectly handle group and OS negation
Article ID: 289660
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
When performing a process search with binary fields, and also group and OS negation, the results will be incorrect.
Environment
- CB Response server: 6.2.2 and above
Cause
Bug CB-21781.
Resolution
The bug will be fixed in a future release.
The workaround is to add "group:*" or "os_type:*" in the query.
The workaround is to add "group:*" or "os_type:*" in the query.
Feedback
Yes
No
Powered by
