Cb Response: Cb-Event-Forwarder stopped working (API token)
book
Article ID: 287984
calendar_today
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Environment
- Carbon Black Response: All Versions
- Cb-Event-Forwarder: All Versions
Cause
API token has been reset
Resolution
- Run the following in Terminal of the server with cb-event-forwarder installed to confirm the error message
/usr/share/cb/integrations/event-forwarder/cb-event-forwarder -check
- Log in as a Global Admin user and navigate to User Settings > API Token
- Copy the API token into /etc/cb/integrations/cb-event-forwarder/cb-event-forwarder.conf
# The API Token used when querying the Cb Response REST API
api_token=
- Save cb-event-forwarder.conf
- Restart Cb Event Forwarder
Feedback
thumb_up
Yes
thumb_down
No