Carbon Black Cloud: How To Troubleshoot QRadar Integration Issues
search cancel

Carbon Black Cloud: How To Troubleshoot QRadar Integration Issues

book

Article ID: 291692

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

Here are some steps to follow when troubleshooting a QRadar SIEM integration through initial setup or one that has stopped receiving events from the console with no changes to the environment.

Environment

  • Carbon Black Cloud Console: All Versions
  • VMware Carbon Black Cloud App for IBM QRadar: Version 2.0.0
  • IBM QRadar: Version 7.3.3 Patch 6 and higher

Resolution

  1. Please follow the Installation and User Guide to ensure the integration has been setup correctly
  2. Verify that you are using the most up-to-date version of the CBC QRadar app
  3. Confirm that API keys and permissions are configured properly in the Carbon Black Cloud console, and that the correct API key is used in the Qradar app configuration
  4. Review the troubleshooting FAQ for any known issues
  5. Check inline network security controls for drops, blocks and pops
  6. Open a case with Carbon Black Technical Support and provide Qradar app logs and screenshots of all app configurations
Powered by Wolken Software