Occasionally observe a few hours delay between Carbon Black Cloud Console and S3 Bucket
Article ID: 289916
Updated On:
Products
Carbon Black Cloud Endpoint Standard
Carbon Black Cloud Enterprise EDR
Carbon Black Cloud Audit and Remediation
Carbon Black Cloud Container
Carbon Black Cloud Workload
Carbon Black Cloud Prevention
Carbon Black Cloud Managed Threat Hunting
Carbon Black Cloud Managed Detection and Response
Issue/Introduction
- Occasionally observe Carbon Black Cloud Console event messages take a few hours before they export to the to the S3 Bucket
- No event data is lost.
- Carbon Black Cloud Console event messages remained up to date at all times
Environment
- Carbon Black Cloud Console: Current Versions
Cause
- The event messages are augmented with additional data and moved to a data stream before the notification can be indexed.
- This is a queued process which may result in a backlogs and occassionally a subsequent delay in the processing.
- If this delay happens, and the record may not make it to the notification index in time before the S3 bucket pulles the data. If this happens, it will be picked up in the next pull.
Resolution
- Occasional delays between Carbon Black Cloud Console and S3 Bucket are normal and expected.
- However, if the 3S bucket is no longer receiving event log messages or event log messages are missing, this is a separate issue and a Support Case should be opened so that we can investigate this issue further
Additional Information
Before opening a case, please ensure that events are not missing because of S3 bucket event filtering
Feedback
Yes
No
Powered by
