CB ThreatHunter: Powershell Process Search API Call Returns Search Parsing Error
book
Article ID: 289925
calendar_today
Updated On:
Products
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
The following error is returned when searching for a specific cb.process_guid
- Invoke-RestMethod : {"message":"Error parsing \"search_params\" from query string", "translation_key":"threathunter_search_parsing_error","translation_format_values":["search_params"]} At line:1 char:12
Environment
- Process Search API for CB ThreatHunter: Version 1
Cause
The above error is caused by a syntax misconfiguration in the formatting of the API call
Resolution
Modify the following line from:
- $request = Invoke-RestMethod -Uri $URL -Method POST -Headers $Headers -Body $Body
TO
- $request = Invoke-RestMethod -Uri $URL -Method POST -Headers $Headers -Body ($Body | ConvertTo-Json)
Feedback
thumb_up
Yes
thumb_down
No