Enterprise EDR: Group by Hash not working on Process Analysis page
book
Article ID: 290433
calendar_today
Updated On:
Products
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
Investigate page is set to "Group by hash", but several processes of the same name / hash are listed individually
Environment
- Enterprise EDR Console: All Versions
Cause
The current logic to group hashes will not group any processes that are tied to a watchlist hit or with child processes
Resolution
The current behaviour is by design. Future work will improve the logic to include watchlist events and events with children - DSER-25387
Feedback
thumb_up
Yes
thumb_down
No