Carbon Black OS X Sensor versions earlier than v5.1.
In some cases for an OS X Sensor, the netconn events report only an IP address and do not include a domain name. This is inconsistent behavior, as DNS information should be captured and present for netconn events.
From the Process Analysis page, focusing on netconn events, only an IP address is reported such as:
Connection to 126.96.36.199 on tcp/3268
Where one should expect a DNS name, such as:
Connection to 188.8.131.52 on tcp/3268 (www.google.com)
This issue is resolved in v5.1 of the OS X Sensor. Refer to OSX-148 in the 5.1 release notes for more information.