Hey guys,
First of all, thanks for the scripts.
I have a small remark regarding the netconn script. I would expect this script to pull out all the network connections that occurred over the past x minutes. However, because Carbon Black stores its information structured around processes, I feel that the current query is not entirely accurate. The script is currently pulling out the network connections for processes started in the last x minutes.
If a process has been running for over the x-minute threshold and it performs a new network connection, the last_update timestamp of that process would be updated. Therefore, I would suggest changing the query from 'start:-x' to 'last_update:-x' and (optionally) filtering the results returned in the process_search function based on the timestamp of the network connection.
What do you guys think? I guess it somewhat depends on what you are trying to achieve with the script :)
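An added example, not code from the netconn script or from Carbon Black, that works through the point raised in this issue on constructed data. The record shape (`start`, `last_update`, a `netconns` list with per-connection timestamps) is an assumption made for illustration, not the real Carbon Black process document schema. It shows that a `start:-x` style filter misses a new connection from a long-running process, that a `last_update:-x` style filter catches it but also drags in that process's old connections, and that a per-connection timestamp filter on top of it yields only the connections that actually happened in the window:

```python
from datetime import datetime, timedelta

# Constructed reference time so the example is deterministic and runs offline.
NOW = datetime(2017, 3, 1, 12, 0, 0)

# Constructed sample process records (assumed shape, not Carbon Black's schema).
PROCESSES = [
    {   # long-running process that just made a new connection
        "process_name": "svchost.exe",
        "start": NOW - timedelta(hours=3),
        "last_update": NOW - timedelta(minutes=2),
        "netconns": [
            {"timestamp": NOW - timedelta(hours=2, minutes=50), "remote": "10.0.0.5:445"},
            {"timestamp": NOW - timedelta(minutes=2), "remote": "203.0.113.7:443"},
        ],
    },
    {   # process started inside the window
        "process_name": "powershell.exe",
        "start": NOW - timedelta(minutes=4),
        "last_update": NOW - timedelta(minutes=3),
        "netconns": [
            {"timestamp": NOW - timedelta(minutes=3), "remote": "198.51.100.9:80"},
        ],
    },
    {   # old process with old connections, not updated recently
        "process_name": "explorer.exe",
        "start": NOW - timedelta(hours=6),
        "last_update": NOW - timedelta(hours=5),
        "netconns": [
            {"timestamp": NOW - timedelta(hours=5), "remote": "192.0.2.3:443"},
        ],
    },
]


def window_start(minutes, now=NOW):
    """Earliest timestamp still inside the 'past x minutes' window."""
    return now - timedelta(minutes=minutes)


def netconns_by_start(processes, minutes, now=NOW):
    """Mimics the current 'start:-x' query: connections of processes
    that were *started* inside the window, regardless of when the
    connection itself happened."""
    cutoff = window_start(minutes, now)
    return [(p["process_name"], c["remote"])
            for p in processes if p["start"] >= cutoff
            for c in p["netconns"]]


def netconns_by_last_update(processes, minutes, now=NOW):
    """Mimics the suggested 'last_update:-x' query: connections of
    processes whose record was *touched* inside the window. Catches the
    long-running process, but still returns all of its connections."""
    cutoff = window_start(minutes, now)
    return [(p["process_name"], c["remote"])
            for p in processes if p["last_update"] >= cutoff
            for c in p["netconns"]]


def recent_netconns(processes, minutes, now=NOW):
    """The suggested query plus the optional client-side step: keep only
    the connections whose own timestamp falls inside the window."""
    cutoff = window_start(minutes, now)
    return [(p["process_name"], c["remote"])
            for p in processes if p["last_update"] >= cutoff
            for c in p["netconns"] if c["timestamp"] >= cutoff]


if __name__ == "__main__":
    for label, fn in (("start:-10", netconns_by_start),
                      ("last_update:-10", netconns_by_last_update),
                      ("last_update:-10 + netconn filter", recent_netconns)):
        print(label, "->", fn(PROCESSES, 10))
```

With a 10-minute window, the start-based query returns only the powershell connection; the last_update-based query adds both svchost connections, including one from nearly three hours ago; the per-connection filter trims that to the two connections that actually occurred in the last 10 minutes.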