Carbon Black Console: Sudden Watchlist Alerts with Netconn but no Netconn events in the Investigate tab.
search cancel

Carbon Black Console: Sudden Watchlist Alerts with Netconn but no Netconn events in the Investigate tab.

book

Article ID: 289839

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

Sudden Influx of alerts linked to netconn_count, but searching on Investigate page in the console, there were no events for netconn activity.

Environment

  • Carbon Black Console: All Versions
  • EEDR: All versions

Cause

Recent code change in the backend for testing purpose had caused this issue.

Resolution

Reverting the code change in the backend resolved this issue.
Powered by Wolken Software