EDR: Watchlists not creating alerts with proxy
Article ID: 290085
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
- Watchlists are not generating alerts despite possible hits
- /var/log/cb/job-runner/job-runner.log shows 403s during watchlist_search
-
Request to http://localhost:8080/solr/cbfeeds/select failed with error <403 - MediaTypeBlocked>
-
Environment
- EDR Server: 6.x (formerly CB Response)
- Proxy configured
Cause
The proxy is not bypassing localhost/127.0.0.1, so internal communications are blocked
Resolution
Update the proxy settings to bypass localhost
Additional Information
- Typically the proxy setting will be stored in a script under /etc/profile.d, such as proxy.sh, which will set the environment each time. The bypass setting would look like
- export no_proxy="127.0.0.1, localhost"
Feedback
Yes
No
Powered by
