EDR: Watchlist Alerting When Alerts Are Disabled
Article ID: 287264
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
- Watchlist continues to alert even with "Create Alerts" checkbox disabled.
- Watchlist finally stops creating alerts days after the "Create Alerts" checkbox disabled.
Environment
- EDR Server: 6.5.2 and Higher
Cause
Setting for watchlist alerts still present in redis cache.
Resolution
Clear redis cache by restarting the redis service:
service cb-redis stop service cb-redis start
Additional Information
Restarting cb-enterprise services will also restart the redis service and clear the redis cache:
service cb-enterprise stop service cb-enterprise start
Feedback
Yes
No
Powered by
