Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

CB ThreatHunter: Why am I getting (Unknown) listed in the REGMODS, FILEMODS, NETCONNS, MODLOADS, and CHILDPROCS in my events?

CB ThreatHunter: Why am I getting (Unknown) listed in the REGMODS, FILEMODS, NETCONNS, MODLOADS, and CHILDPROCS in my events?

Environment

  • CB Threat Hunter Console: Current Version
  • CB Threat Hunter Sensor: 3.4.x

Question

Why am I getting (Unknown) listed in the REGMODS, FILEMODS, NETCONNS, MODLOADS, and CHILDPROCS in my events?

Answer

  • Having (Unknown) listed in the "REGMODS", "FILEMODS", "NETCONNS", "MODLOADS", and "CHILDPROCS" are typically caused by viewing event data from devices on sensor versions below 3.4 in the Threat Hunter investigation page.
  • Upgrading the sensor to version 3.4.x should correct the issue.

Additional Notes

  • If the issue persists, please contact support.

Related Content


Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎02-06-2019
Views:
414
Contributors