Enterprise EDR: Regex search not working for netconn_domain

Article ID: 292304

Products

Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

When a Regular Expression (Regex) search for netconn_domain:/@~(sampledomain.com)/ is run on the Process Analysis page, the results include events associated with the sampledomain.com domain.

Environment

  • Enterprise EDR Web Console: All Versions

Cause

The cause of the issue is currently unknown.

Resolution

The issue is under investigation by the VMware Carbon Black team.

Additional Information

As a workaround, use either of the following queries:
  • -netconn_domain:sampledomain.com
  • NOT netconn_domain:sampledomain.com
Either query displays events while excluding those associated with the sampledomain.com domain (the expected result).