CB Response: Delay in email alerts
Article ID: 290187
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
- Email alerts are received hours to days after an event occurred
- UI Alert is generated hours to days before the email is sent
- Event shows as being ingested and tagged on the back-end several hours to days before
Environment
- CB Response Server: All Versions
- CB Response Sensor: All Versions
Cause
There is a delay in emails from the mail server sending alerts
Resolution
- The underlying issue on the mail server must be resolved
Additional Information
- Depending on the queue size, the issue may resolve itself over time
- If sensor backlog is large, event ingestion may cause delays in alerts. In this case both the UI and email alerts would be generated as soon as the event is ingested which would not match the time the event is seen on the sensor.
Feedback
Yes
No
Powered by
