CB Response: How to verify when the event-forwarder pulls events from Response
Article ID: 290640
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
Determine when an event was received by the event-forwarder
Environment
- CB Response Server: All Versions
- CB Event-Forwarder: 3.4
Resolution
If saving incoming events to event_bridge_output.json, the event, along with the save time can be found there.
Additional Information
- Verifying when the event has reached the event-forwarder will help narrow down delays between CB Response and SIEM alerts
Feedback
Yes
No
Powered by
