Version
Carbon Black OS X Sensor versions earlier than v5.1.
Issue
In some cases for an OS X Sensor, the netconn events report only an IP address and do not include a domain name. This is inconsistent behavior, as DNS information should be captured and present for netconn events.
Symptoms
From the Process Analysis page, focusing on netconn events, only an IP address is reported such as:
Connection to 4.53.56.118 on tcp/3268
Where one should expect a DNS name, such as:
Connection to 4.53.56.118 on tcp/3268 (www.google.com)
Solution
This issue is resolved in v5.1 of the OS X Sensor. Refer to OSX-148 in the 5.1 release notes for more information.