Access official resources from Carbon Black experts
Cb Response 5.x.
Cb Response hasn't been configured correctly.
Connector getting error on launch or in wildfire.log:
SSLError: [SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:590).
Check that error log and connector configuration
/var/log/cb/integrations/wildfire/wildfire.log
/etc/cb/integrations/wildfire/connector.conf
Check that /etc/yum.repos.d/CbOpenSource.repo exists with correct content
If it does not, enter the following command:
curl -O https://opensource.carbonblack.com/release/x86_64/CbOpenSource.repo
/etc/cb/integrations/wildfire/connector.conf
Cloud based
wildfire_server_sslverify=1
wildfire_verify_ssl=true
Leave this line commented out:
; wildfire_url=https://my.local.wildfire.appliance
Local Based
wildfire_server_sslverify=0
wildfire_verify_ssl=false
Replace <https://my.local.wildfire.appliance> with correct url:
wildfire_url=<https://my.local.wildfire.appliance>
Make sure API Token matches with “carbonblack_server_token” setting in connector.conf file
sudo psql cb -p 5002 -c "select id,username,firstname,lastname,global_admin,auth_token from cb_user;"
If you are still receiving the error, check if there is a local proxy or firewall that is blocking the traffic.
Proxy
See if a Proxy is configured for the Alliance server under /etc/cb/cb.conf
We can check for a local proxy with:
cat /etc/environment
printenv |grep -i proxy
env |grep -i proxy
Firewall
Check network traffic to see if a firewall blocking access to wildfire.
Note: After making any changes to the wildfire connector configuration, it can be restarted with:
service /etc/init.d/cb-wildfire-connector stop
service /etc/init.d/cb-wildfire-connector start
Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.