Skip to main content
Panther Knowledge Base

CrowdStrike TargetProcessId value is incorrect in Panther's Data Explorer


When querying the targetProcessId of a CrowdStrike event in Data Explorer in the Panther Console, it returns an ID where the number rounds the last two digits to 00.

e.g. 154876524187563218 becomes 154876524187563200


To resolve this issue, cast the ID value to a string where possible. For example, before sending the ID as part of an alert context, try:

 def alert_context(event):
     event = event.to_dict()
     event['targetProcessId'] = str(event['targetProcessId'])
     return event 


This issue occurs because the JSON parser used to serialize event data for transport doesn't support more than 16 significant figures in a number. Changing the data type to string bypasses this limitation.



  • Was this article helpful?