Description
If I pull up a process in the Cb Response web GUI and it has over 10,000 filemods, and then I pull up the same process using cbapi, the cbapi Process claims it only has 10,000 filemods, and if I try enumerating them, I only get about 9,920 of them. What happened to all of the other filemods? How do I get them? Is this a limitation of the Response REST API?
Example: the web GUI shows process 0000cbf9-0000-1728-01d4-e63e96539a3a had 29969 filemods. So I pull it up with cbapi:
```python
from cbapi.response import CbEnterpriseResponseAPI, Process

c = CbEnterpriseResponseAPI()
process = c.select(Process, '0000cbf9-0000-1728-01d4-e63e96539a3a')
print(process.filemod_count)
# 10000
fms = []
for fm in process.filemods:
    fms.append(fm)
print(len(fms))
# 9917
```
Why does it claim the process only had 10000 filemods? Why am I only able to get 9917 of those 10000? How do I get the other filemods?
The REST endpoint used to retrieve the filemods is /api/v4/process/0000cbf9-0000-1728-01d4-e63e96539a3a/0/event. What endpoint would I use to get the rest of the filemods? Changing the 0 at the end to a 1 gets a 404 Not Found.
Cb Response version: 6.2.4.190118.1044