CB Response Cloud: /api/v1/alert calls are inefficient
Article ID: 291639
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
Slower-than-normal web browsing experience on the CB Response Cloud UI.
Environment
- CB Response Cloud: 6.x and Higher
- Actively using the API integration
- cbapi: 1.4.2 and older
- REST API
Cause
Excessive use of the /api/v1/alert can lead to an unusually high CPU usage, which in turn could create a slower-than-normal web browsing experience in the CB Response Cloud UI. The "v1" alert calls are inefficient, resulting in queries that consume the solr cores multiple times every time the call is made.
Resolution
If using the cbapi, upgrade the cbapi package on any server(s) running integration scripts to version 1.4.3 or newer:
If using the REST API for /api/v1/alert GET requests, use /api/v2/alert instead.
# pip install --upgrade cbapi
If using the REST API for /api/v1/alert GET requests, use /api/v2/alert instead.
Additional Information
- As always, please test integration changes on a dev machine first.
- The output of the v1 and v2 API call are different. If there's a need to upgrade to V2, the integration code may need to change.
Feedback
Yes
No
Powered by
