
CB Defense: How To Start Building a Complex Search

Environment

  • CB Defense PSC Console: All Versions

Objective

Show how to start building a complex search that uses AND and OR operators with parentheses to return accurate results.

Resolution

  1. Go to the Investigate page
  2. Click on 'Enable advanced search'
  3. Enter the following, replacing the placeholder terms with actual values:
    (TermA_1 OR TermA_2 OR TermA_3) AND (TermB_1 OR TermB_2 OR TermB_3)

Additional Notes

  • This can be done for multiple combinations of information types
  • Users accessing files
    (User1 OR User2 OR User3) AND (Doc1 OR Doc2 OR Doc3)
    (User1 OR User2 OR User3) AND (Hash1 OR Hash2 OR Hash3)
    
  • Files on a machine
    (Doc1 OR Doc2 OR Doc3) AND (Machine1 OR Machine2 OR Machine3)
    (Hash1 OR Hash2 OR Hash3) AND (Machine1 OR Machine2 OR Machine3)
    
  • Files being blocked
    (Doc1 OR Doc2 OR Doc3) AND (TTP:POLICY_DENY OR TTP:POLICY_TERMINATE)
    (Hash1 OR Hash2 OR Hash3) AND (TTP:POLICY_DENY OR TTP:POLICY_TERMINATE)
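
An added example (not Carbon Black code and not part of the original article): a Python helper that assembles the grouped query from lists of terms and, using a local model over constructed events, shows how the result set changes when the parentheses are left out. The function names, the sample events, and the assumption that AND binds tighter than OR in an ungrouped query are illustrative, not documented console behavior.

```python
import re

def build_query(*groups):
    """Return '(a OR b) AND (c OR d)' from lists of terms, one list per group."""
    parts = []
    for terms in groups:
        terms = [t.strip() for t in terms if t and t.strip()]
        if not terms:
            raise ValueError("every group needs at least one term")
        for t in terms:
            # Quoting/escaping is not covered by the article, so reject
            # anything that would silently change the grouping.
            if re.search(r"[()\s]", t):
                raise ValueError(f"term would break the grouping: {t!r}")
        parts.append("(" + " OR ".join(terms) + ")")
    return " AND ".join(parts)

def matches_grouped(event, *groups):
    """Local model: each parenthesised group needs at least one term present."""
    return all(any(t in event for t in terms) for terms in groups)

def matches_ungrouped(event, *groups):
    """Same terms without parentheses, ASSUMING AND binds tighter than OR."""
    flat = " AND ".join(" OR ".join(terms) for terms in groups)
    clauses = [c.split(" AND ") for c in flat.split(" OR ")]
    return any(all(t in event for t in clause) for clause in clauses)

# Constructed sample events: each is the set of values seen on one event.
EVENTS = [
    {"User1", "Doc1", "Machine1"},
    {"User1", "Doc9", "Machine2"},
    {"User7", "Doc2", "Machine1"},
    {"User2", "Doc1", "Machine3"},
    {"User7", "Doc9", "Machine1"},
]

def compare(events, *groups):
    """Return (indices hit by the grouped query, indices hit without parentheses)."""
    grouped = [i for i, e in enumerate(events) if matches_grouped(e, *groups)]
    ungrouped = [i for i, e in enumerate(events) if matches_ungrouped(e, *groups)]
    return grouped, ungrouped

if __name__ == "__main__":
    users, docs = ["User1", "User2"], ["Doc1", "Doc2"]
    print(build_query(users, docs))
    print(compare(EVENTS, users, docs))
```

In this model the grouped query returns only the events where a listed user touched a listed document, while the ungrouped form also returns events that match a single term on its own.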

Article Information
Creation Date: 02-18-2019