Enterprise EDR: Group by Hash not working on Process Analysis page
search cancel

Enterprise EDR: Group by Hash not working on Process Analysis page

book

Article ID: 290433

calendar_today

Updated On:

Products

Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

Investigate page is set to "Group by hash", but several processes of the same name / hash are listed individually

Environment

  • Enterprise EDR Console: All Versions

Cause

The current logic to group hashes will not group any processes that are tied to a watchlist hit or with child processes

Resolution

The current behaviour is by design. Future work will improve the logic to include watchlist events and events with children - DSER-25387