Hosted EDR: URL shows "CB Response Cloud is currently undergoing maintenance and will be back shortly" after using the console to execute a query.

Article ID: 289168

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • The EDR Console was working; after a query was executed, the Console now shows the Maintenance Mode screen.
  • Complex or expensive queries or watchlists were being written before the Console became unavailable.

Environment

  • Hosted EDR: All Versions

Cause

  • The SOLR database is overwhelmed by a specific malformed or expensive query. The Hosted EDR Health Check monitoring service indicates there is a problem, and the installation automatically goes into Maintenance Mode.

Resolution

Use the built-in Cb Response search query builder utility to write queries in the proper SOLR format, so that they are neither malformed nor expensive enough to cause a system outage.

Additional Information

  • Poorly formed queries that do not use the specific fields (process_name:, etc.) will cause the system to search for the requested information against every field, which can cause delays and timeouts.
  • Leading wildcard queries (example: *.*) can have the same effect, causing the system to search fields for information.
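
The two patterns above can be caught before a query or watchlist is saved. The following is an added example, not Carbon Black code: `lint_query` is a hypothetical helper that heuristically flags terms with no `field:` prefix and terms whose unquoted value starts with a wildcard. The sample queries are constructed, and the check does not replace the query builder.

```python
import re

# Heuristic tokenizer: a quoted phrase (optionally prefixed by +/- and "field:")
# stays whole; everything else splits on whitespace and parentheses.
TOKEN = re.compile(r'[+-]?(?:[A-Za-z_][\w.]*:)?"[^"]*"|[^\s()]+')
FIELDED = re.compile(r'([A-Za-z_][\w.]*):(.*)', re.S)
OPERATORS = {"AND", "OR", "NOT"}

NO_FIELD = "no field prefix: term is searched against every field"
LEADING_WILDCARD = "leading wildcard"


def lint_query(query):
    """Return (token, problem) pairs for terms matching the two risky patterns."""
    findings = []
    for raw in TOKEN.findall(query):
        token = raw.lstrip("+-")  # ignore require/prohibit prefixes
        if not token or token in OPERATORS:
            continue
        match = FIELDED.fullmatch(token)
        if match is None:
            findings.append((raw, NO_FIELD))
            value = token
        else:
            value = match.group(2)
        # Only unquoted values are checked; a quoted phrase starts with '"'.
        if value[:1] in ("*", "?"):
            findings.append((raw, LEADING_WILDCARD))
    return findings


if __name__ == "__main__":
    # Constructed sample queries, not taken from a real console.
    samples = [
        "process_name:powershell.exe",
        "powershell.exe AND process_name:cmd.exe",
        "process_name:*shell.exe",
        "*.*",
    ]
    for q in samples:
        problems = lint_query(q)
        print("REVIEW" if problems else "OK    ", q, [p for _, p in problems])
```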