Carbon Black Cloud: Error 500 if "Dismiss future instances of this alert on all devices in all policies" used
search cancel

Carbon Black Cloud: Error 500 if "Dismiss future instances of this alert on all devices in all policies" used

book

Article ID: 291926

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

  • Observing Error 500 if "Dismiss future instances of this alert on all devices in all policies" is used to dismiss alert
  • Alert is never dismissed

Environment

  • Carbon Black Cloud Console: All Versions

Cause

  • The Alert Dismissal request is an async process and may be first be "QUEUED", before the dismissal later goes through
  • This issue can happen when the Alert Dismissal requests build up and the CBC gets behind on the bulk dismissal processing queue

Resolution

  • VMware Carbon Black is working to ensure that alert dismissal queue remains clear to reduce potential delay in Alert Dismissals; However, should this issue be observed again in the future please Create a Support Case with the following information so we can investigate the issue further:
    • Har File collected when attempting to dismiss alert
    • Alert ID(s) which failed to dismiss
    • Screenshot of the Error Message
  • In the future, improvements will be made to ensure that dismissal requests are logged in the Audit Log at the time of the request, so that repeated Alert Dismissal requests for the same Alert ID are not made
Powered by Wolken Software