CB ThreatHunter: Powershell Process Search API Call Returns Search Parsing Error

Article ID: 289925

Updated On:

Products

Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

The following error is returned when searching for a specific cb.process_guid:
  • Invoke-RestMethod : {"message":"Error parsing \"search_params\" from query string", "translation_key":"threathunter_search_parsing_error","translation_format_values":["search_params"]} At line:1 char:12

Environment

  • Process Search API for CB ThreatHunter: Version 1

Cause

The above error is caused by the formatting of the API call: $Body is passed to Invoke-RestMethod without first being converted to JSON.

Resolution

Modify the following line from:
  • $request = Invoke-RestMethod -Uri $URL -Method POST -Headers $Headers -Body $Body
to:
  • $request = Invoke-RestMethod -Uri $URL -Method POST -Headers $Headers -Body ($Body | ConvertTo-Json)
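
The corrected call in context, as an added example that is not part of the original article: it serializes the body, checks the result locally, and only then sends it. The layout inside search_params, the <PROCESS_GUID> placeholder, the -Depth value and the -ContentType argument are assumptions; $URL and $Headers are expected to be defined as in your existing script.

```powershell
# Constructed sample body. "search_params" and "cb.process_guid" are the names
# used in the article; how they nest here is an assumption for illustration.
$Body = @{
    search_params = @{
        'cb.process_guid' = '<PROCESS_GUID>'   # placeholder, not a real GUID
    }
}

# If $Body is a hashtable and is passed directly to -Body on a POST,
# Invoke-RestMethod sends it as URL-encoded name=value form fields, so the
# server receives no JSON "search_params" object to parse.

# ConvertTo-Json serializes only 2 levels by default and replaces anything
# deeper with its type name. Set -Depth explicitly so a more deeply nested
# search body is not silently truncated.
$Json = $Body | ConvertTo-Json -Depth 10 -Compress

# Local check before sending: the string must parse back into an object that
# still carries search_params with the value that was put in.
$RoundTrip = $Json | ConvertFrom-Json
if ($null -eq $RoundTrip.search_params) {
    throw 'Serialized body has no search_params object.'
}
if ($RoundTrip.search_params.'cb.process_guid' -ne $Body.search_params.'cb.process_guid') {
    throw 'search_params was altered during serialization.'
}
Write-Host "Request body: $Json"

# Send only when the caller has defined $URL and $Headers.
# -ContentType is not in the article's fix; it is added here so the JSON
# string is not labelled with the default form content type.
if ($URL -and $Headers) {
    $request = Invoke-RestMethod -Uri $URL -Method POST -Headers $Headers `
        -Body $Json -ContentType 'application/json'
    $request
}
```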