Carbon Black Cloud: Alert by ID API call fails to fetch events


Article ID: 289771


Updated On:

Products

  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

  • The API call to /integrationServices/v3/alert/<alert_id> fails to return the events that triggered that alert
  • The Events field on the alert object is an empty array
  • Example result (deviceInfo and threatInfo have been scrubbed in this example. Notice there is no data next to the events field):
    {
        "orgId": 1234,
        "deviceInfo": {
            ...
        },
        "threatInfo": {
            ...
        },
        "events": [],
        "success": true,
        "message": "Success"
    }
    

Environment

  • Carbon Black Cloud Console: All versions
    • Endpoint Standard
  • Endpoint Standard REST API: Version 3
    • Alerts API

Cause

Issue currently under investigation.

Resolution

Carbon Black is currently investigating the root cause and fix for this issue.