
Carbon Black Cloud: Alert searches are not reporting watchlist-generated alerts when the field_name is not specified.


Environment

  • CBC Console:  .75.0
  • CBC Sensors:   All versions

Symptoms

  1. Go to the Alerts page.
  2. Search for "device_name:Mylaptop1". This works: both watchlist and CB Analytics alerts are reported.
  3. Now search for just "Mylaptop1". This fails and returns ONLY CB Analytics alerts.
  4. To summarize:
       device_name: Mylaptop1   <-- this works
       Mylaptop1                <-- this will not return watchlist-generated alerts for the machine Mylaptop1

The problem is not limited to the "device_name" field and occurs with other fields as well. For instance, the "watchlist_name" field exhibits the same symptoms.

Cause

Now under investigation. This article will flip to public once further confirmed by Engineering.

Resolution

DSER-39198 UI issue resolved March 24th, 2022

Additional Notes

Issue first reported on Monday, March 7th, 2022.

Article Information
Creation Date: 03-24-2022