CrowdStrike TargetProcessId value is incorrect in Panther's Data Explorer
Issue
When querying the targetProcessId of a CrowdStrike event in Data Explorer in the Panther Console, the returned ID has its last two digits rounded to 00.
For example, 154876524187563218 becomes 154876524187563200.
Resolution
To resolve this issue, cast the ID value to a string where possible. For example, before sending the ID as part of an alert context, try:
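```python
def alert_context(event):
    # Convert the Panther event object to a plain dict so it can be modified
    event = event.to_dict()
    # Cast the numeric ID to a string so its digits are preserved
    event['targetProcessId'] = str(event['targetProcessId'])
    return event
```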
Cause
This issue occurs because the JSON parser used to serialize event data for transport doesn't support more than 16 significant figures in a number. Changing the data type to string bypasses this limitation.
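The following added example (not Panther's own code) generalizes the Resolution above from one field to every integer in an event that is longer than the 16 significant figures named in the Cause, including nested values. The helper names, the 16-digit round-trip model, and the sample event are assumptions constructed for illustration.

```python
MAX_DIGITS = 16  # significant-figure limit stated on this page


def round_trip_16_digits(value: int) -> int:
    """Model (an assumption) of a serializer that keeps 16 significant figures."""
    return int(float(f"{value:.16g}"))


def stringify_large_ints(obj):
    """Recursively cast integers longer than MAX_DIGITS digits to strings."""
    if isinstance(obj, bool):  # bool is a subclass of int; leave it alone
        return obj
    if isinstance(obj, int):
        return str(obj) if len(str(abs(obj))) > MAX_DIGITS else obj
    if isinstance(obj, dict):
        return {key: stringify_large_ints(val) for key, val in obj.items()}
    if isinstance(obj, list):
        return [stringify_large_ints(val) for val in obj]
    return obj


def alert_context(event):
    # Panther passes an event object with to_dict(); plain dicts are also
    # accepted here so the example runs offline.
    data = event.to_dict() if hasattr(event, "to_dict") else dict(event)
    return stringify_large_ints(data)


# Constructed sample event; only targetProcessId comes from this page,
# the other keys are hypothetical.
SAMPLE_EVENT = {
    "targetProcessId": 154876524187563218,
    "exampleFlag": True,
    "exampleNested": {"ids": [154876524187563218, 42]},
}

if __name__ == "__main__":
    original = SAMPLE_EVENT["targetProcessId"]
    print("as number:", round_trip_16_digits(original))  # digits lost
    print("as string:", alert_context(SAMPLE_EVENT)["targetProcessId"])
```

Short integers and booleans keep their original type, so only IDs that exceed the limit change to strings.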