App Control: How to troubleshoot a Network Connector issue
Article ID: 289394
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
Troubleshooting steps to triage a network connector issue.
Environment
- App Control: All Versions
- All supported network connectors (FireEye, Palo Alto Network, Check Point)
Resolution
- Confirm that the network connector is supported version using the Supported Integration document here.
- Verify if there are other security application on the system and exclusions per.
- Please provide the following:
- The behavior or symptoms
- Did it work before
- When the issue started
- What changed around the time that the issue started
- Any error message
- Any Proxy/Firewall setting change
- Try restarting the following services and check if the issue continues:
- App Control Server service
- App Control Reporter service
- App Control Connector for Check Point service (if issue is related to Check Point)
- Collect logs:
- Collecting Logs for Troubleshooting (Cb Protection Server)
- Screenshot of the connector setting from the console (System Configuration > Connector)
- For FireEye, debug.log and error.htm from %Program Files%\bit9\Integrations\FireEye\listener\ folder
- Please provide the results from this query:
use das select * from dbo.antibody_analysis_providers
- On this query provide the results and check the analysis_param column to verify if it has a NULL entry or if it specifies which network connector is supposed to provide the analysis.
use das select * from dbo.antibody_analysis_files where status = "Error"
- If the issue is related to upload, verify that the source endpoint is online and the repository folder is available.
- If the issue is related to permission, verify that the account for the repository folder has proper permission to read/write/delete.
- If using an Event Rule to trigger file analysis on the network connector, please provide the details of the rule and verify the settings.
Feedback
Yes
No
Powered by
