Wildfire Connector Troubleshooting

Version

Cb Response 5.x.

Issue

Cb Response hasn't been configured correctly.

Symptoms

The connector reports an error on launch or in wildfire.log:

SSLError: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:590).

Solution

Check the error log and the connector configuration:

/var/log/cb/integrations/wildfire/wildfire.log

/etc/cb/integrations/wildfire/connector.conf

Repository Exists

Check that /etc/yum.repos.d/CbOpenSource.repo exists with the correct content.

If it does not, enter the following command from the /etc/yum.repos.d directory (curl -O saves the file into the current directory):

curl -O https://opensource.carbonblack.com/release/x86_64/CbOpenSource.repo

SSL mismatch

/etc/cb/integrations/wildfire/connector.conf

Cloud based

wildfire_server_sslverify=1
wildfire_verify_ssl=true

Leave this line commented out:

; wildfire_url=https://my.local.wildfire.appliance

Local Based

wildfire_server_sslverify=0
wildfire_verify_ssl=false

Replace <https://my.local.wildfire.appliance> with the correct URL:

wildfire_url=<https://my.local.wildfire.appliance>
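The two profiles above can be checked mechanically. The following shell functions are an added example, not part of the original article or of the connector; the names conf_get and check_wildfire_conf are hypothetical, and the check assumes the values are written exactly as shown above (1/true, 0/false).

```shell
#!/bin/sh
# Added example: consistency check for the "SSL mismatch" settings in connector.conf.

# Print the value of an active key=value line; empty if the key is absent
# or only present on a commented-out line (one starting with ';' or '#').
conf_get() {
    # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" \
        | tail -n 1 | sed 's/[[:space:]]*$//'
}

# Classify a connector.conf as cloud-ok, local-ok or mismatch, following the
# "Cloud based" and "Local Based" profiles in the article. Returns 1 on mismatch.
check_wildfire_conf() {
    conf=$1
    url=$(conf_get "$conf" wildfire_url)
    sslverify=$(conf_get "$conf" wildfire_server_sslverify)
    verify=$(conf_get "$conf" wildfire_verify_ssl)

    if [ -z "$url" ]; then
        # wildfire_url is commented out: cloud profile
        if [ "$sslverify" = "1" ] && [ "$verify" = "true" ]; then
            echo "cloud-ok"; return 0
        fi
        echo "mismatch: no wildfire_url set, expected wildfire_server_sslverify=1 and wildfire_verify_ssl=true"
        return 1
    fi

    # wildfire_url is active: local appliance profile
    if [ "$sslverify" = "0" ] && [ "$verify" = "false" ]; then
        echo "local-ok"; return 0
    fi
    echo "mismatch: wildfire_url=$url set, expected wildfire_server_sslverify=0 and wildfire_verify_ssl=false"
    return 1
}

# Constructed sample (not a real configuration): local settings, but the URL left commented out.
sample=$(mktemp)
printf '%s\n' 'wildfire_server_sslverify=0' 'wildfire_verify_ssl=false' \
    '; wildfire_url=https://my.local.wildfire.appliance' > "$sample"
check_wildfire_conf "$sample" || true   # prints the mismatch line
rm -f "$sample"
```

On a server, call it as check_wildfire_conf /etc/cb/integrations/wildfire/connector.conf.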

Invalid API Token

Make sure the API token matches the “carbonblack_server_token” setting in the connector.conf file:

sudo psql cb -p 5002 -c "select id,username,firstname,lastname,global_admin,auth_token from cb_user;"

Server still not accessible

If you are still receiving the error, check if there is a local proxy or firewall that is blocking the traffic.

Proxy

See if a proxy is configured for the Alliance server in /etc/cb/cb.conf.

We can check for a local proxy with:

cat /etc/environment

printenv |grep -i proxy

env |grep -i proxy

Firewall

Check network traffic to see if a firewall is blocking access to WildFire.

Note: After making any changes to the wildfire connector configuration, it can be restarted with:

service cb-wildfire-connector stop

service cb-wildfire-connector start

Creation Date: 06-10-2016