CB Response: Event Forwarder fails to send events to Alien Vault

CB Response: Event Forwarder fails to send events to Alien Vault

search cancel

CB Response: Event Forwarder fails to send events to Alien Vault

book

Article ID: 287780

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Event data to Alien Vault fails at the receiver with SSL errors.
Error during Event Forwarder startup:

time="DATE" level=info msg="Enforcing minimum TLS version 1.2" 
time="DATE" level=info msg="Raw Event Filtering Configuration:" 
time="DATE" level=fatal msg="Error connecting to 'tcp+tls:IP:6514': dial tcp IP:6514: connect: connection refused"

Environment

CB Response Event Forwarder: 3.X and higher

Cause

Firewall/Appliance denying the event data packets at the receiver's side.

Resolution

Check the receiver's firewall/appliances to confirm they are not denying the SSL connection.
Confirm the correct IP/Port has been configured in the event forwarder configurations on the Response Server

Feedback

thumb_up Yes

thumb_down No