Which category is the feature part of?
Which product is the feature part of?
Use Cases
When searching for anything non-process-related (e.g. regmod, netconn, filemod), the actual result is not included in the output from CbR or CbC. You don't know what registry key was found or what file modification was identified by the query - you're only given the process and then have to pivot into the native EDR's portal to continue searching.
Proposal
Expand CbR and CbC to include event details. This change can definitely impact performance so I propose only including event details if explicitly set via flag/param at runtime.
Additional Context
N/A