CB Response: Filemod searches with a leading forwardslash will not return results
Article ID: 291950
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
- Searches like filemod:/var/lib/yum* returns no results
- Searching a full filemod path returns results
Environment
- CB Response Server: All Versions
Cause
Response does not tokenize the leading forwardslash in certain fields, including filemod
Resolution
Remove the leading forward-slash when searching
Additional Information
This behavior does not apply to paths using a leading backslashÂ
Feedback
Yes
No
Powered by
