EDR: Email is sending the incorrect URL with 7.7.1+
search cancel

EDR: Email is sending the incorrect URL with 7.7.1+

book

Article ID: 285711

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response) Carbon Black Hosted EDR (formerly Cb Response Cloud)

Issue/Introduction

The server URL being sent in the alert emails is incorrect

Environment

  • EDR Server: 7.7.1 and above
  • Email

Cause

In 7.7.1 and above, code was added to check for available network interface cards and utilize the correct one to pull the IP and get the hostname.

  • DNS server is returning the incorrect FQDN
  • /etc/hosts first <ip> <servername> entry is incorrect. 

Resolution

  1. Confirm your DNS server listed in /etc/resolv.conf are returning the correct FQDN based on the IP
  2. If this is returning an internal FQDN that is not accessible outside or need to work around what is being returned, update the /etc/hosts entry (127.0.0.1 will not work) 
    myip my_fqdn_servername
    example, notice the use of the actual IP and not just the loopback in the first line. : 
    127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4 myservername
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.222.128 myservername

Additional Information

  • HEDR customers have been corrected as of 9/28/22
Powered by Wolken Software