Carbon Black Cloud: Receiving Notifications With Links to No Results for Observed Alerts
Article ID: 291434
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
- One or more notifications (Settings > Notifications) configured prior to June 15 are using criteria for Observed Alert category.
- Email notifications for Observed Alerts contain a link back to the Console for an Alert ID with no results.
Environment
- Carbon Black Cloud Console: June '23 Release (1.15) and Higher
- Carbon Black Cloud Sensor: All Supported Versions
Cause
- As of June 15th, 2023, the Alerts v7 API has deprecated Observed Alerts, which are now instead displayed as Observations on the Investigate page.
- Notifications configured prior to this date continue to use the Alerts v6 API, though links to Observed Alerts are no longer valid.
Resolution
To stop receiving Notifications for Observed Alerts, any Notifications using "Alert category" criteria should be deleted and recreated using the new Notifications criteria format.
Additional Information
Any Notifications configured for Observed Alerts will continue to send emails with invalid links until the Notification is deleted and recreated or the Alerts v6 API is deprecated.
Feedback
Yes
No
Powered by
