Environment

• Carbon Black Cloud: 02-Mar-2023 and later
• Carbon Black Cloud Sensor (Linux): v2.12.x.x and Higher
• Carbon Black Cloud Sensor (macOS): v3.5.3.x and Higher
• Carbon Black Cloud Sensor (Windows): v3.6.0.x and Higher

Question

Type: CB Analytics
Category: Threat
Severity: 10
Status: Ran
Reason: ...without fully operational sensors, likely due to your organization's firewall, proxy, or network settings...

Answer

• These Alerts are in relation to Sensors which are reporting errors in downloading the Content Manifests from content.carbonblack.io
• Devices which are having issues with getting Content Manifests should be considered only partially functional or not fully protected, and they should be remediated as soon as possible

Additional Notes

• It is possible to search just for these Alerts in order to speed up the review process

  threat_id:4444A5745019BA07569170443EB7DC3F AND reason_code:CONTENT_CONNECTION_ERROR

• There previously were in-product notifications (IPNs) sent out to impacted customers, and these Alerts have been added as this allows the information to be available in a SIEM or via email Notifications
• If these Alerts are not present in your environment then either you have no Sensors with this issue or the Alerts have not yet been added to your organization in the Carbon Black Cloud Console UI
  • These Alerts will eventually be made available to all customers, but we are performing a phased rollout

Related Content