IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

SIEM Connector is occasionally falling behind

SIEM Connector is occasionally falling behind


Cb Defense (formerly Confer) - All


SIEM Connector is occasionally falling behind.


Notification received from SIEM Connector are delayed.


The current architecture of the SIEM connector is such that it polls the sever for new events on a fixed interval (5 min default/recommended) and downloading a fixed number of events each time. Occasional burst in event volume may case connector to fall behind, because there are too many events queued up on the server side.


In many cases, the SIEM connector will catch up over a period of time as the volume of events goes down back.

In some cases, adjusting the poll interval (not less than 5 minutes) and/or download size may be needed to make the connector catch up.

Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Creation Date: