Environment
- Carbon Black Cloud Console: All Versions
- Carbon Black Cloud APIs
Question
- Are wildcard queries against a search field expected to return results containing no value?
- Example: Would the following query return unsigned processes?
process_publisher:*
Answer
- No, query results will not include results where the field searched contains a null value.
- In the example provided, only signed processes would be returned because unsigned processes contain no value for the process_publisher field.
Additional Notes
Related Content
