CB ThreatHunter: Successful Query Returns "Search Fields are Required" Message When Saving as a Threat Report

Environment

  • CB ThreatHunter PSC Console: March '19 release and later

Symptoms

  • A query on the Investigate page runs successfully and returns results
  • Clicking the "Add search to threat report" link results in the following message:
    Search fields are required to add queries to a watchlist report. To learn more, see the search guide.

Cause

This is expected behavior: Threat Reports require every search term to include a field name (such as process_name or process_cmdline).

Resolution

  1. Check the query for any search terms that do not include a field name
  2. Add the missing field names
  3. The query can now be saved as a Threat Report
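
As an added illustration of step 1 (not Carbon Black code), the Python sketch below lists the terms in a query that carry no field name. It assumes Lucene-style syntax (field:value, AND/OR/NOT, parentheses, quoted phrases, [a TO b] ranges) and only approximates the console's parser; the function name unfielded_terms and the sample queries are constructed for this example.

```python
import re

# Assumed Lucene-style query syntax; this is not the product's own parser.
TOKEN = re.compile(r'''
    -?(?P<field>[A-Za-z_]\w*):        # field prefix, e.g. process_name:
  | (?P<paren>[()])                   # grouping
  | (?P<value>"(?:\\.|[^"\\])*"       # quoted phrase
             |\[[^\]]*\]              # range such as [1 TO *]
             |(?:\\.|[^\s()"\\])+)    # bare word, backslash escapes allowed
''', re.VERBOSE)
OPERATORS = {"AND", "OR", "NOT"}

def unfielded_terms(query):
    """Return the search terms in `query` that have no field name."""
    missing = []
    pending = None   # field name waiting for its value
    groups = []      # field inherited by each open parenthesis, or None
    for m in TOKEN.finditer(query):
        if m.group("field"):
            pending = m.group("field")
        elif m.group("paren") == "(":
            # field:(a OR b) applies the field to every term in the group
            groups.append(pending or (groups[-1] if groups else None))
            pending = None
        elif m.group("paren") == ")":
            if groups:
                groups.pop()
        else:
            term = m.group("value")
            if term in OPERATORS:
                continue
            if not pending and not (groups and groups[-1]):
                missing.append(term)   # a Value Search term
            pending = None
    return missing

if __name__ == "__main__":
    # Constructed sample queries
    for q in ('process_name:powershell.exe AND "Invoke-WebRequest"',
              'process_name:powershell.exe AND process_cmdline:"Invoke-WebRequest"'):
        bad = unfielded_terms(q)
        print(q, "->", "terms missing a field: %s" % bad if bad else "every term has a field")
```
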

Additional Notes

  • Value Search, added in the March PSC release, makes it possible to search across all fields for a given term without designating a specific field
  • Threat Reports still require a specified field for each search term
  • It only takes one missing field name to prevent saving as a Threat Report
  • A successful query cannot always be saved as a Threat Report due to this distinction

Article Information
Creation Date: 09-09-2020