Enterprise EDR: How to filter Cloud (Initial) and Cloud (Current) reputations in an investigate query
search cancel

Enterprise EDR: How to filter Cloud (Initial) and Cloud (Current) reputations in an investigate query

book

Article ID: 290585

calendar_today

Updated On:

Products

Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

Filter Investigate page Processes tab results based on Cloud (Initial) and Cloud (Current) reputation fields

Environment

  • Enterprise EDR Web Console: All Versions

Resolution

Leverage the following search field to include or exclude processes with a specified Cloud (Initial) or Cloud (Current) reputation:
  • Include a process with a specified Cloud (Initial) or Cloud (Current) reputation 
    • process reputation:<reputation value>
  • Exclude a process with a specified Cloud (Initial) or Cloud (Current) reputation
    • -process reputation:<reputation value>
Powered by Wolken Software