Carbon Black Cloud: Does a Wildcard Query on a Search Field Return Null Values?

Carbon Black Cloud: Does a Wildcard Query on a Search Field Return Null Values?

search cancel

Carbon Black Cloud: Does a Wildcard Query on a Search Field Return Null Values?

book

Article ID: 289821

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

Are wildcard queries against a search field expected to return results containing no value?
Example: Would the following query return unsigned processes?
```
process_publisher:*
```

Environment

Carbon Black Cloud Console: All Versions
Carbon Black Cloud APIs

Resolution

No, query results will not include results where the field searched contains a null value.
In the example provided, only signed processes would be returned because unsigned processes contain no value for the process_publisher field.

Additional Information

Advanced search criteria and operators can be leveraged to obtain the desired results.

Feedback

thumb_up Yes

thumb_down No