Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: Unable to See or Export Verbose Audit Log Entries

Carbon Black Cloud: Unable to See or Export Verbose Audit Log Entries

Environment

  • Carbon Black Cloud Console: 21-Sep-2020 Console (0.57.x release) and Higher

Symptoms

  • Selecting Verbose option (Flagged|Standard|Verbose) does not show Verbose entries
  • Exporting Audit Log data does not include Verbose entries

Cause

Console defect, Verbose criteria not added to URL when Verbose option is selected
Example Prod05 URL with "2 weeks" time range and Verbose selected
https://defense-prod05.conferdeploy.net/settings/auditlog?s[fromRow]=1&s[maxRows]=200&s[searchWindow]=TWO_WEEKS&s[sortDefinition][fieldName]=TIME&s[sortDefinition][sortOrder]=DESC

Resolution

This article will be updated once a fix is available. Work to fix this issue is being tracked under DSER-26743 and DSER-35817.

Additional Notes

Workaround to View and Export Verbose Audit Log Entries

  1. Log into Carbon Black Cloud Console
  2. Go to Settings > Audit Log
  3. Manually add Verbose criteria (&s[c][VERBOSE_ENTRIES][0]=true) to end of URL
    Building from Example above, add "&s[c][VERBOSE_ENTRIES][0]=true"
    Example prod05 URL with 3 month time range and Verbose selected
    https://defense-prod05.conferdeploy.net/settings/auditlog?s[fromRow]=1&s[maxRows]=200&s[searchWindow]=TWO_WEEKS&s[sortDefinition][fieldName]=TIME&s[sortDefinition][sortOrder]=DESC&s[c][VERBOSE_ENTRIES][0]=true
  4. Press Enter/Return to reload page
  5. Verbose entries are displayed and can be exported

Related Content


Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎10-13-2021
Views:
407
Contributors