EDR: Which field corresponds to the process

search cancel

EDR: Which field corresponds to the process_name used in Watchlist IOC?

book

Article ID: 291518

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Process Analysis shows the process name in the Selected Process field does not match the Watchlist IOC process_name but the path field process name does match the Watchlist IOC process_name, so which field corresponds to the process_name used in Watchlist IOC?

Environment

EDR Server: All Versions

Resolution

Selected Process refers to process_cmdline
Path refers to process_name

Additional Information

If Watchlist IOC specifies a process name and path, then the process name and path must match on both

Feedback

thumb_up Yes

thumb_down No