CB Response UI: Feeds facet show no results when investigating an alert

CB Response UI: Feeds facet show no results when investigating an alert

search cancel

CB Response UI: Feeds facet show no results when investigating an alert

book

Article ID: 291602

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

After selecting an alert in the UI, the results may show a single hit from the Feeds facet in the investigation page, but provide no results when selecting those hits from the Feeds facet.
Example Feeds:
1. Bit9EndpointVisibility
2. Bit9AdvancedThreats

Environment

CB Response UI: 6.X

Cause

If the alert came from a query-based feed, this is by design, as query based feeds match against the process as a whole, not specific events.

Resolution

There should not be any specific events associated with query-based feeds.

Feedback

thumb_up Yes

thumb_down No