EDR: Event Forwarder Sending Events with No Type
Article ID: 288028
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Carbon Black Hosted EDR (formerly Cb Response Cloud)
Issue/Introduction
When a sensor is isolated there are events sent with an empty type from the event forwarder
Environment
- EDR: All versions
- Event Forwarder: 3.7.4 and below
Cause
Isolated sensors send a NetconnBlock2 event that does not have a routing type
Resolution
Upgrade to cb-event-forwarder 3.7.5 or higher
Feedback
Yes
No
Powered by
