Environment
- Carbon Black Cloud Console: June '23 Release (1.15) and Higher
- Carbon Black Cloud Sensor: All Supported Versions
Symptoms
- One or more notifications (Settings > Notifications) configured prior to June 15 are using criteria for Observed Alert category.
- Email notifications for Observed Alerts contain a link back to the Console for an Alert ID with no results.
Cause
- As of June 15th, 2023, the Alerts v7 API has deprecated Observed Alerts, which are now instead displayed as Observations on the Investigate page.
- Notifications configured prior to this date continue to use the Alerts v6 API, though links to Observed Alerts are no longer valid.
Resolution
To stop receiving Notifications for Observed Alerts, any Notifications using "Alert category" criteria should be deleted and recreated using the new Notifications criteria format.
Additional Notes
Any Notifications configured for Observed Alerts will continue to send emails with invalid links until the Notification is deleted and recreated or the Alerts v6 API is deprecated.
Related Content
