CB Defense: API bulk query returns device with all null or none values except for email attribute
Article ID: 290603
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
API bulk query returns device with all null or none values except for email attribute
The query itself does not crash and continues to return a validly formatted JSON result set; however, if the query is included as part of a JSON script, the script may crash when it encounters 'deviceName': None
Environment
CB Defense PSC Console: All Versions
CB Defense Sensor: All Versions
Microsoft Windows: All Supported Versions
Apple MacOS: All Supported Versions
Cause
Devices in the "pending" state will have 'deviceName': None in API bulk query results
Devices appear in the "pending" state when "Send installation request" is used to send an email to a user for sensor install
The API does not currently include enough metadata to make it obvious that the device is in the pending state (i.e. it's really an invite for a device that doesn't exist yet)
Resolution
To work around this issue, filter out devices where 'lastCheckInTime': None. That value means the device has never contacted the backend, is likely in the "pending" state, and the sensor hasn't actually been installed yet
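The workaround above, as an added Python example (not code from the vendor or the original article). It works on an already-parsed list of device records; the sample records, the `email` key name, the timestamp format and the function names are assumptions made for illustration.

```python
import json

# Constructed sample of bulk device query results (not real data). Only
# 'deviceName' and 'lastCheckInTime' are named in the article; the 'email'
# key and the timestamp format are assumptions for illustration.
SAMPLE_RESULTS = json.loads("""
[
  {"deviceName": "WIN-LAB-01", "email": "alice@example.com", "lastCheckInTime": 1700000000000},
  {"deviceName": null, "email": "bob@example.com", "lastCheckInTime": null},
  {"deviceName": "mac-lab-02", "email": "carol@example.com", "lastCheckInTime": 1700000500000},
  {"email": "dave@example.com"}
]
""")


def split_pending(devices):
    """Separate installed devices from pending install invitations.

    A record whose 'lastCheckInTime' is None (or missing) has never contacted
    the backend, so it is treated as a pending invite rather than a device.
    """
    installed, pending = [], []
    for record in devices:
        if record.get("lastCheckInTime") is None:
            pending.append(record)
        else:
            installed.append(record)
    return installed, pending


def device_names(devices):
    """Return lower-cased names of installed devices without tripping on None."""
    installed, _ = split_pending(devices)
    # 'or ""' guards against an installed record that still lacks a name.
    return sorted((d.get("deviceName") or "").lower() for d in installed)


def pending_invites(devices):
    """Return the email addresses that have an outstanding install request."""
    _, pending = split_pending(devices)
    return sorted(p.get("email") or "<no email>" for p in pending)


if __name__ == "__main__":
    print("installed:", device_names(SAMPLE_RESULTS))
    print("pending invites:", pending_invites(SAMPLE_RESULTS))
```

Keeping the pending records in a separate list, rather than discarding them, lets an inventory script report outstanding install requests while still excluding them from device counts.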