logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

Enterprise EDR: Regex search not working for netconn_domain

Enterprise EDR: Regex search not working for netconn_domain

Environment

Enterprise EDR Web Console: All Versions

Symptoms

Using Regular Expression (Regex), search for netconn_domain:/@~(sampledomain.com)/ in Process Analysis page, the result displays with events associated with sampledomain.com domain.

Cause

The cause of the issue is currently unknown

Resolution

The issue is under investigation by VMware Carbon Black Team.

Additional Notes

As part of workaround, use the below commands:
  • -netconn_domain:sampledomain.com
  • NOT nectonn_domain:sampledomain.com
Either of the above command will display events by excluding events associated with sampledomain.com domain. (Expected result)

Related Content


Was this article helpful? Yes No
No ratings
Article Information
Author:
CB_Support
Creation Date:
‎01-26-2021
Views:
599
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.