EDR: Alliance Communication Failing With 602s

search cancel

EDR: Alliance Communication Failing With 602s

book

Article ID: 290364

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Server Communication Status for Threat Intel is Red
The allianceclient_comm_history table shows 602s in between 200s

Environment

EDR: All Versions
Clustered

Cause

Communication between one of the nodes on the cluster failed to communicate with Alliance at some point.

Resolution

Verify communication between each node to the server can be established. Please check output file and also sysout.

curl --cert /etc/cb/certs/carbonblack-alliance-client.crt --key /etc/cb/certs/carbonblack-alliance-client.key https://api.alliance.carbonblack.com:443/api/v1/feeds/ > /dev/null

openssl s_client -connect threatintel.bit9.com:443 -msg -cert /etc/cb/certs/carbonblack-alliance-client.crt -key /etc/cb/certs/carbonblack-alliance-client.key -debug

2. Restart the cluster

Additional Information

This behavior can also cause 601 errors with alliance if not all the minions can communicate

Feedback

thumb_up Yes

thumb_down No