Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

Environment

Carbon Black Cloud Console: All Supported Versions
VMware Carbon Black Cloud App for Splunk: 1.x
Splunk: 8.x

Symptoms

Alert URL is not included in the data sent to SIEM/API

Cause

The Data forwarder which is required to populate the Alert URL was not configured

Resolution

The below workaround can be followed:

Copy the DEVICE_ID and ALERT_ID from the notification
Navigate to the Investigate page
Format a search query including the following search fields

device_id:{DEVICE_ID} AND alert_id:{ALERT_ID}

Related Content

Carbon Black Cloud: What Splunk Apps/Add-Ons are needed?
CB Defense: How to Setup and Configure Splunk Enterprise to Receive Data
CB ThreatHunter: What Is Needed To Integrate With Splunk?
CB ThreatHunter: How to Setup and Configure Splunk Enterprise to Receive Data
Carbon Black Cloud: How to Enable Data Forwarders

Article Information

Author:

Creation Date:

‎09-26-2019

Views:

756

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.