EDR Unified View: permission issues with /#/cluster/cluster_id api endpoint
search cancel

EDR Unified View: permission issues with /#/cluster/cluster_id api endpoint

book

Article ID: 290000

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

When using a non-admin Unified View account, user navigating to https://$your_unified_view_server/#/cluster/1/threat-details/4/49760e2e-c1e4-42e9-8157-4084ff002bcc (or similar) are instead redirected to /profile.

Environment

  • EDR Unified View: All Versions
  • EDR Server: All Versions

Cause

The /#/cluster/cluster_id api endpoint was designed to be an internal only endpoint, and was not designed to be a customer facing.

Resolution

The two solutions/workarounds for this are:
  1. We created an internal ticket to improve customer support for the api endpoint, tracked as CB-34590. Once CB Support has a target release date or version, this section will be updated to include it.
  2. Before clicking on the hyperlink (in this example, https://$your_unified_view_server/#/cluster/1/threat-details/4/49760e2e-c1e4-42e9-8157-4084ff002bcc), first "browse" to the cluster id (in this case, cluster_id 1), then strip out the /cluster/id part of the URL. Your URL will become:  https://$your_unified_view_server/#/threat-details/4/49760e2e-c1e4-42e9-8157-4084ff002bcc).
Powered by Wolken Software