logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

Carbon Black Cloud: Data Forwarder alert_id Filtering Sending Additional Event Data

Carbon Black Cloud: Data Forwarder alert_id Filtering Sending Additional Event Data

Environment

  • Carbon Black Cloud: All Supported Versions
  • Event Forwarder 

Symptoms

When using alert_id:* in a Custom Query filter, events not associated with an alert are being forwarded

Cause

Backend filter was allowing some event data not associated by an alert_id be forwarded even if it was supposed to be filtered

Resolution

  • Backend fix is being released to prevent events being forwarded where they don’t match the alert_id:* filter
  • A reduction of events being forwarded may be seen as the Data Forwarder enforces this filter
  • Event Forwarder filters may need to be adjusted if event data not associated to an alert_id is needed

Related Content


Was this article helpful? Yes No
No ratings
Article Information
Author:
CB_Support
Creation Date:
‎06-14-2022
Views:
281
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.