Environment
- Carbon Black Cloud Console: All Versions
Symptoms
Observation for a childproc event assigned to an Alert ID does not contain a filename, command line, or PID, and instead only displays the SHA256 hash, process username, and file reputation.
Cause
This issue is currently under investigation by Carbon Black engineers and understood to be a discrepancy in how the data is populated from the API.
Resolution
No workaround is available at this time.
Additional Notes
If the unknown hash's process name is not found elsewhere in the Console by searching the hash on the Investigate page, it can also be searched in
VirusTotal, or other search engine, for identification.