CB Response: Events no longer forwarded to QRadar

CB Response: Events no longer forwarded to QRadar

search cancel

CB Response: Events no longer forwarded to QRadar

book

Article ID: 290619

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Events are no longer ingested by QRadar
Service cb-event-forwarder no longer running
Cannot start cb-event-forwarder

Environment

CB Response Server: 6.2.2
CB Event-Forwarder
QRadar

Cause

The API token in /etc/cb/integrations/event-forwarder/cb-event-forwarder.conf is no longer valid

Resolution

Copy API token from user UI under Username > Settings > API Token
Edit /etc/cb/integrations/event-forwarder/cb-event-forwarder.conf
Restart the event-forwarder

Feedback

thumb_up Yes

thumb_down No