When performing a search on ATP 3.x or SEDR 4.0, the search term gets cut into two queries
Last Updated December 18, 2018
You are attempting to search for an item in the Advanced Threat Protection 3.0 Entity, Endpoint or other searches. When you type or paste in an uppercase value that contains AND or OR anywhere within it, the search is broken up into two queries. If you specified a field to search, the result is that field plus a separate query for the characters after the AND or OR.
ATP 3.x: device_name: JNOLANDPC gets parsed as device_name: JHOAGLANDP and query: PC
SEDR 4.0: device_name: CLIENTANDOVER gets parsed as device_name: CLIENTAND and Multi Column: OVER
This will be addressed in a future version of the SEDR Appliance software. Until then, the solution is to only search with lowercase terms, since Entity searches are not case sensitive.