Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

Environment

Carbon Black Cloud Console
Carbon Black Cloud Splunk Plug-in
Carbon Black Cloud QRadar Plug-in
Carbon Black Cloud 3rd Party API Users

Symptoms

Device_username field does not have the current user.

Cause

Alerts show user who installed the product rather than logged-in user.

Resolution

Console update: Run By will be replaced by Process username as part of UAE 3.0 Release due in Aug 2023.
API queried results will be updated as CBC Plug-ins for QRadar, Splunk and other 3rd party tools are updated to utilze the new API V7 calls.

Additional Notes

The v7 alert API will include a process_username field which is the user that ran the process of the alert, rather than the user that installed the device.
The API's are available now and when the Plugins get updated this change should appear.
More information can be found in the related content below.

Related Content

Search Fields - Alerts - Carbon Black Developer Network
Alerts API - Carbon Black Developer Network

Article Information

Author:

Creation Date:

‎09-06-2023

Views:

543

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.