CB Response: Parent does not load in process tree
search cancel

CB Response: Parent does not load in process tree

book

Article ID: 290577

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • The parent process in the process tree is completely blank
  • The back-end process content lists parent information

Environment

  • CB Response Server: 6.3.0

Cause

This is a known issue with rendering parent processes starting in 6.3.0 - CB-24648

Resolution

  • This will be fixed in a future server release
  • As a workaround, the parent process can be found in the process document which can be gathered in the UI or backend
    • UI - https://community.carbonblack.com/t5/Knowledge-Base/CB-Response-How-to-output-process-document-information-in-a/ta-p/70325
    • Backend - https://community.carbonblack.com/t5/Knowledge-Base/CB-Response-How-to-get-raw-process-documents-via-Curl/ta-p/62572

Additional Information

  • Information on the parent process in a process document will be in the fields that start with 'parent_'
    • Example: "parent_name":"explorer.exe"
Powered by Wolken Software