Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: How to Check for ContentDownloadFailure Alarms (Linux)

Carbon Black Cloud: How to Check for ContentDownloadFailure Alarms (Linux)

Environment

  • Carbon Black Cloud Console: All Versions
    • Endpoint Standard
    • Enterprise EDR
    • Audit & Remediation
    • Workload
  • Carbon Black Cloud Sensor: 2.12.x.x and Higher
  • Linux: All Supported Versions

Objective

Provide steps for checking on ContentDownloadFailure alarms/errors from a local machine from the content delivery network (https://content.carbonblack.io) which provides additional configuration for 2.12.x.x and higher Sensors

Resolution

  1. Launch terminal emulator
  2. Check for alarm in log.txt
    sudo grep -Ein --color "Added [[]ContentDownloadFailure[]] Telemetry event to Telemetry Event Sink." /var/opt/carbonblack/psc/log/log.txt
  3. Output will show the dates and times of relevant alarms
    <line#>:[YYYY-MM-DD hh:mm:ss.ssssss]... ReMgr : TAProcessEvent : Added [ContentDownloadFailure] Telemetry event to Telemetry Event Sink.

Additional Notes

  • Once changes have been made to allow access to content.carbonblack.io, the above error will stop occurring in the logs
  • It is also possible to check for telemetry events in general
    sudo grep -Ein --color "Added [[].*[]] Telemetry event to Telemetry Event Sink." /var/opt/carbonblack/psc/log/log.txt

Related Content


Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎04-19-2022
Views:
171
Contributors