Version
Cb Response Version 5.x
Issue
The default search order in the UI is None for binary and process pages. The UI gives the users the ability to sort by other criteria, but the selection is not persisted and reverts to None again when the pages are reloaded. This default setting can be changed in cb.conf:
# Parameterization of search page default sort order and page size (default are
# as shown below) #CoreServicesProcessSearchOrder="" #CoreServicesBinarySearchOrder="" |
Symptoms
If the chosen setting isn't valid, there will be a broken API call visible in solr/debug.log:
2016-03-15 21:38:07,305 - [ERROR] - from org.apache.solr.core.SolrCore in http-8080-23
org.apache.solr.common.SolrException: Can't determine a Sort Order (asc or desc) in sort spec 'Process lastupdate time', pos=7
at org.apache.solr.search.QueryParsing.parseSort(QueryParsing.java:324)
at org.apache.solr.search.QParser.getSort(QParser.java:281)
at org.apache.solr.handler.component.QueryComponent.prepare(QueryComponent.java:123)
Solution
The valid mappings for this feature are as follows:
|
| Process last update time | "last_update desc" |
| Process start time | "start desc" |
| Process name | "process_name asc" |
| Count of Network connections | "netconn_count desc" |
| Count of Registry modifications | "regmod_count desc" |
| Count of File modifications | "filemod_count desc" |
| Count of Binary loads | "modload_count desc" |
| None | "" |
|
| First seen time | "server_added_timestamp desc" |
| CB Alliance: VirusTotal Hits | "alliance_score_virustotal desc" |
| Sign time | "digsig_sign_time asc" |
| File size | "orig_mod_len desc" |
| Company name | "company_name asc" |
| MD5 | "md5 asc" |
| None | "" |
Important Note(s)
No other option or mapping is allowed.
