Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: Data Forwarder alert_id Filtering Sending Additional Event Data

Carbon Black Cloud: Data Forwarder alert_id Filtering Sending Additional Event Data

Environment

  • Carbon Black Cloud: All Supported Versions
  • Event Forwarder 

Symptoms

When using alert_id:* in a Custom Query filter, events not associated with an alert are being forwarded

Cause

Backend filter was allowing some event data not associated by an alert_id be forwarded even if it was supposed to be filtered

Resolution

  • Backend fix is being released to prevent events being forwarded where they don’t match the alert_id:* filter
  • A reduction of events being forwarded may be seen as the Data Forwarder enforces this filter
  • Event Forwarder filters may need to be adjusted if event data not associated to an alert_id is needed

Related Content


Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎06-14-2022
Views:
83
Contributors