Environment

• Carbon Black Cloud Console:  All supported Versions

Objective

Resolution

Please open up a case with CB Support. The case will start with collecting information:

1. In the Alerts tab, check the Notifications history for a specific alert to see if it shows being successfully sent and will show if the alert is acting appropriately or not.
2. In the Notifications tab, check the Notification history to see if the Notifications are being sent successfully.
3. In the API Keys tab, check the Notification history for that specific connector.  Is it receiving and sending notifications properly?  Settings may need to be adjusted
4. Verify that the API Access Level is set to SIEM if events are forwarded.
   1.  If API is chosen, the specific API Name that has been set up will not function correctly.  Note: There is no way to change API type after initial configuration. It will need to be reconfigured.
5. Support will want to verify settings in the Connector.cfg file including the API ID, API Key, Server URL, Ports, types of communication etc. and compare those settings to console.
6. Check that the server URL is correct
   1. List of URLs

Additional Notes

• Detailed description how to check for logs
• The Access Level of SIEM can only be used for notifications.
• Using a curl command for anything other than notifications should use the Access Level of API.
• Events that appear after an Alert is first pulled may not appear due to this behavior

Related Content