What are these Severity 10 Alerts for devices "without fully operational sensors"?

Article ID: 292087

Products

  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

What are these Alerts that mention devices being "without fully operational sensors" as part of the Reason?
Type: CB Analytics
Category: Threat
Severity: 10
Status: Ran
Reason: ...without fully operational sensors, likely due to your organization's firewall, proxy, or network settings...

Environment

  • Carbon Black Cloud: 02-Mar-2023 and later
  • Carbon Black Cloud Sensor (Linux): v2.12.x.x and Higher
  • Carbon Black Cloud Sensor (macOS): v3.5.3.x and Higher
  • Carbon Black Cloud Sensor (Windows): v3.6.0.x and Higher

Resolution

  • These Alerts are raised for Sensors that are reporting errors when downloading the Content Manifests from content.carbonblack.io
  • Devices that cannot get Content Manifests should be considered only partially functional or not fully protected, and they should be remediated as soon as possible

Additional Information

  • To speed up the review process, it is possible to search for just these Alerts with the following query:
    threat_id:4444A5745019BA07569170443EB7DC3F AND reason_code:CONTENT_CONNECTION_ERROR
  • Impacted customers were previously sent in-product notifications (IPNs); these Alerts have been added because they make the information available in a SIEM or via email Notifications
  • If these Alerts are not present in your environment then either you have no Sensors with this issue or the Alerts have not yet been added to your organization in the Carbon Black Cloud Console UI
    • These Alerts will eventually be made available to all customers, but we are performing a phased rollout
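
Since these Alerts can be forwarded to a SIEM, the added example below (not Carbon Black code) applies the article's search criteria to stored alert records and builds a per-device remediation list. The one-JSON-object-per-line layout and the `device_id`, `device_name` and `backend_timestamp` field names are assumptions about the export; only `threat_id` and `reason_code` come from the query above.

```python
import json
from collections import defaultdict

# Values taken from the search query in this article.
THREAT_ID = "4444A5745019BA07569170443EB7DC3F"
REASON_CODE = "CONTENT_CONNECTION_ERROR"

# Constructed sample: one JSON alert per line, as a SIEM forwarder might store them.
# Field names other than threat_id and reason_code are assumptions.
SAMPLE_ALERTS = """\
{"threat_id": "4444A5745019BA07569170443EB7DC3F", "reason_code": "CONTENT_CONNECTION_ERROR", "device_id": 101, "device_name": "lab-win-01", "backend_timestamp": "2023-03-05T10:00:00Z"}
{"threat_id": "4444a5745019ba07569170443eb7dc3f", "reason_code": "CONTENT_CONNECTION_ERROR", "device_id": 101, "device_name": "lab-win-01", "backend_timestamp": "2023-03-07T08:30:00Z"}
{"threat_id": "0000000000000000000000000000AAAA", "reason_code": "OTHER_REASON", "device_id": 202, "device_name": "lab-mac-02", "backend_timestamp": "2023-03-06T12:00:00Z"}
{"threat_id": "4444A5745019BA07569170443EB7DC3F", "reason_code": "CONTENT_CONNECTION_ERROR", "device_id": 303, "device_name": "lab-lnx-03", "backend_timestamp": "2023-03-06T09:15:00Z"}
not-json line left by a log shipper
"""

def devices_missing_content(lines):
    """Return per-device summaries for content-manifest alerts, oldest problem first."""
    seen = defaultdict(lambda: {"count": 0, "first": None, "last": None, "name": None})
    for line in lines:
        try:
            alert = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if not isinstance(alert, dict):
            continue
        # Compare the hex ID case-insensitively in case a pipeline lowercases it.
        if str(alert.get("threat_id", "")).upper() != THREAT_ID:
            continue
        if alert.get("reason_code") != REASON_CODE:
            continue
        ts = alert.get("backend_timestamp", "")
        dev = seen[alert.get("device_id")]
        dev["name"] = alert.get("device_name")
        dev["count"] += 1
        # ISO 8601 UTC timestamps in one format sort correctly as strings.
        dev["first"] = ts if dev["first"] is None else min(dev["first"], ts)
        dev["last"] = ts if dev["last"] is None else max(dev["last"], ts)
    rows = [{"device_id": k, **v} for k, v in seen.items()]
    return sorted(rows, key=lambda r: r["first"])

if __name__ == "__main__":
    for row in devices_missing_content(SAMPLE_ALERTS.splitlines()):
        print(row["device_id"], row["name"], row["count"], row["first"], row["last"])
```

Devices with the earliest first alert have gone longest without content updates and sort to the top of the list.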