CB Response: Binary search for observed_filename returning binaries that do not match the name

Article ID: 290089

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • Searches using the field observed_filename return binaries that do not match the name
  • Loading a mismatched binary shows that the search term appears in the file path

Environment

  • CB Response Server: 6.x and higher

Cause

The field observed_filename searches for a match against the file path, not only the file name.

Resolution

This is performing as designed. 

Additional Information

Page 205 of the user guide describes this field as searching the full path of the binary at the time of collection.
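
Because the field matches the full path, a result set can be narrowed after the search to binaries whose last path component is the searched name. The following is an added example, not code from this article or from Carbon Black; the record layout (a list of paths under observed_filename), the helper names and the sample records are constructed assumptions.

```python
import ntpath

# Constructed sample records (not real server output). The field name
# observed_filename comes from the article; the list-of-paths shape and the
# md5 placeholder values are assumptions for illustration.
SAMPLE_RESULTS = [
    {"md5": "PLACEHOLDER-1", "observed_filename": [r"c:\windows\system32\notepad.exe"]},
    {"md5": "PLACEHOLDER-2", "observed_filename": [r"c:\tools\notepad.exe\helper.dll"]},
    {"md5": "PLACEHOLDER-3", "observed_filename": [r"C:\Users\a\Desktop\NOTEPAD.EXE",
                                                    r"c:\temp\renamed.bin"]},
    {"md5": "PLACEHOLDER-4", "observed_filename": ["/opt/notepad.exe/lib.so"]},
]


def classify(record, wanted_name):
    """Return 'name' if any observed path ends in wanted_name, 'path' if the
    term only appears elsewhere in a path, or 'none' if it is absent."""
    wanted = wanted_name.lower()
    paths = record.get("observed_filename") or []
    if isinstance(paths, str):  # tolerate a single string instead of a list
        paths = [paths]
    verdict = "none"
    for p in paths:
        # ntpath splits on both "\" and "/", so either path style works.
        if ntpath.basename(p).lower() == wanted:
            return "name"
        if wanted in p.lower():
            verdict = "path"
    return verdict


def filter_by_name(results, wanted_name):
    """Keep only records whose file name (last path component) matches."""
    return [r for r in results if classify(r, wanted_name) == "name"]


if __name__ == "__main__":
    for rec in SAMPLE_RESULTS:
        print(rec["md5"], classify(rec, "notepad.exe"))
```

Records classified as 'path' are the mismatches this article describes: the searched term sits in a directory component rather than in the file name.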