Environment
- CB Threat Hunter Console: Current Version
- CB Threat Hunter Sensor: 3.4.x
Question
Why am I getting (Unknown) listed in the REGMODS, FILEMODS, NETCONNS, MODLOADS, and CHILDPROCS in my events?
Answer
- Having (Unknown) listed in the "REGMODS", "FILEMODS", "NETCONNS", "MODLOADS", and "CHILDPROCS" are typically caused by viewing event data from devices on sensor versions below 3.4 in the Threat Hunter investigation page.
- Upgrading the sensor to version 3.4.x should correct the issue.
Additional Notes
- If the issue persists, please contact support.
Related Content