
Carbon Black Cloud: Alerts sent to S3 contain a different category value than UI or API


Environment

  • Carbon Black Cloud Console: All Versions
  • Alert Forwarding to S3
  • API v6

Symptoms

  • Alerts forwarded to S3 contain a category value of "WARNING" or "NOTICE" while the UI/API show "THREAT" or "MONITORED"
  • Searching alert_category in UI for WARNING or NOTICE returns no results

Cause

A design gap in the way information is sent between the alert forwarder and API

Resolution

  • Future versions of the alert forwarder will be updated to show "THREAT" or "MONITORED" in the category
  • When searching for categories, convert the values depending on the environment

| Alert Forwarder (category) | UI (alert_category) | API v6 (category) |
|----------------------------|---------------------|-------------------|
| WARNING                    | THREAT              | THREAT            |
| NOTICE                     | MONITORED           | MONITORED         |

Additional Notes

Legacy services used additional categories, including INFO, MINOR, SERIOUS, and CRITICAL, which are not used for any alerts.
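
One way to apply the conversion from the Resolution section when ingesting forwarded alerts into a SIEM or data lake, so that searches written against UI/API values keep working (an added example, not Carbon Black code). It assumes one JSON object per line; the `id` field, the sample records, and the function names are constructed for illustration. Values that are already THREAT or MONITORED pass through unchanged, so the same code keeps working once the forwarder is updated, and the legacy categories from Additional Notes are flagged rather than converted.

```python
import json
from collections import Counter

# From the article's table: forwarder value -> UI/API v6 value.
FORWARDER_TO_API = {"WARNING": "THREAT", "NOTICE": "MONITORED"}
API_TO_FORWARDER = {v: k for k, v in FORWARDER_TO_API.items()}
# Legacy categories the article says are not used for any alerts.
LEGACY = {"INFO", "MINOR", "SERIOUS", "CRITICAL"}

def normalize_category(value):
    """Return (ui_api_category, status) for a forwarder 'category' value."""
    if not isinstance(value, str) or not value.strip():
        return None, "missing"
    v = value.strip().upper()
    if v in FORWARDER_TO_API:
        return FORWARDER_TO_API[v], "converted"
    if v in API_TO_FORWARDER:  # an updated forwarder already sends UI/API values
        return v, "unchanged"
    return v, "legacy" if v in LEGACY else "unknown"

def normalize_alerts(ndjson_text):
    """Add 'alert_category' to each record and count the outcomes."""
    alerts, outcomes = [], Counter()
    for line in filter(str.strip, ndjson_text.splitlines()):
        alert = json.loads(line)
        alert["alert_category"], status = normalize_category(alert.get("category"))
        outcomes[status] += 1
        alerts.append(alert)
    return alerts, outcomes

def forwarder_search_values(ui_category):
    """Forwarder-side values to match when searching by a UI/API category."""
    v = ui_category.strip().upper()
    return sorted({v, API_TO_FORWARDER.get(v, v)})

# Constructed sample records; ids and the one-object-per-line layout are assumptions.
SAMPLE = "\n".join([
    '{"id": "A1", "category": "WARNING"}',
    '{"id": "A2", "category": "NOTICE"}',
    '{"id": "A3", "category": "THREAT"}',
    '{"id": "A4", "category": "CRITICAL"}',
    '{"id": "A5"}',
])

if __name__ == "__main__":
    alerts, outcomes = normalize_alerts(SAMPLE)
    for a in alerts:
        print(a["id"], a.get("category"), "->", a["alert_category"])
    print(dict(outcomes))
```

A non-zero "legacy", "unknown", or "missing" count is worth reviewing, since the article's table only covers WARNING and NOTICE.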

Article Information

Creation Date: 11-08-2020