Carbon Black Cloud: Does a Wildcard Query on a Search Field Return Null Values?

Environment

  • Carbon Black Cloud Console: All Versions
  • Carbon Black Cloud APIs

Question

  • Are wildcard queries against a search field expected to return results containing no value?
  • Example: Would the following query return unsigned processes?  
    process_publisher:*

Answer

  • No. A wildcard query does not return results in which the searched field contains a null value.
  • In the example provided, only signed processes would be returned, because unsigned processes contain no value for the process_publisher field.

Additional Notes

Advanced search criteria and operators can be leveraged to obtain the desired results.

Article Information
Creation Date: 05-15-2023