EDR: Alert API segment_id field does not match process document segment

search cancel

EDR: Alert API segment_id field does not match process document segment_id value

book

Article ID: 292402

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Alert API segment_id field does not match process document segment_id value.

Environment

EDR Server: 6.2.2+

Cause

The cause of this issue was investigated by engineering under the scope of CB-22100 and determined to be resolved.

Resolution

This issue only impacts API users and does not cause UI problems.

The workaround is to use process_unique_id field returned from the alert API document, which contains both the process id and the segment in hex. Example:

process_unique_id": "0000000f-0000-1858-01d4-57f8e437e877-016625905fcc"
process_id: 0000000f-0000-1858-01d4-57f8e437e877

## The segment_id is 016625905fcc converted in decimal as 1538228510668.
## The API call would be 0000000f-0000-1858-01d4-57f8e437e877/1538228510668.

Feedback

thumb_up Yes

thumb_down No