Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black OS X Sensor DNS information for netconn events is inconsistent

Carbon Black OS X Sensor DNS information for netconn events is inconsistent

Version

Carbon Black OS X Sensor versions earlier than v5.1.

Issue

In some cases for an OS X Sensor, the netconn events report only an IP address and do not include a domain name. This is inconsistent behavior, as DNS information should be captured and present for netconn events.

Symptoms

From the Process Analysis page, focusing on netconn events, only an IP address is reported such as:

Connection to 4.53.56.118 on tcp/3268

Where one should expect a DNS name, such as:

Connection to 4.53.56.118 on tcp/3268 (www.google.com)

Solution

This issue is resolved in v5.1 of the OS X Sensor. Refer to OSX-148 in the 5.1 release notes for more information.

Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎05-06-2015
Views:
479
Contributors