Observation for a childproc event assigned to an Alert ID does not contain a filename, command line, or PID, and instead only displays the SHA256 hash, process username, and file reputation.

This issue is currently under investigation by Carbon Black engineers and understood to be a discrepancy in how the data is populated from the API.

No workaround is available at this time.

If the unknown hash's process name is not found elsewhere in the Console by searching the hash on the Investigate page, it can also be searched in VirusTotal, or other search engine, for identification.