Carbon Black Cloud: Alerts sent to S3 contain a different category value than UI or API
Article ID: 292266
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
- Alerts forwarded to S3 contain a category value of "WARNING" or "NOTICE" while the UI/API show "THREAT" or "MONITORED"
- Searching alert_category in UI for WARNING or NOTICE returns no results
Environment
- Carbon Black Cloud Console: All Versions
- Alert Forwarding to S3
- API v6
Cause
There is a design gap in the way information is sent between the alert forwarder and the API.
Resolution
- Future versions of the alert forwarder will be updated to show "THREAT" or "MONITORED" in the category
- When searching for categories, convert the values depending on the environment
| Alert Forwarder (category) | UI (alert_category) | API v6 (category) |
|---|---|---|
| WARNING | THREAT | THREAT |
| NOTICE | MONITORED | MONITORED |
Additional Information
Legacy services used additional categories that are not used for any alerts, including INFO, MINOR, SERIOUS, and CRITICAL.
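One way to apply the conversion from the Resolution table to alerts read back from S3, so that downstream searches and detections match the UI/API values. This is an added example, not Carbon Black code. It assumes the forwarded objects are newline-delimited JSON; the `id` field, the `forwarder_category` field and the function names are hypothetical. Values already in UI/API form pass through unchanged, so it keeps working once the forwarder is updated.

```python
import json

# Table from the article: Alert Forwarder value -> UI / API v6 value.
FORWARDER_TO_API = {"WARNING": "THREAT", "NOTICE": "MONITORED"}
API_CATEGORIES = set(FORWARDER_TO_API.values())
# Legacy categories the article says are not used for any alerts.
LEGACY_CATEGORIES = {"INFO", "MINOR", "SERIOUS", "CRITICAL"}


def normalize_category(value):
    """Map a forwarded 'category' to its UI/API value; return (category, note)."""
    if not isinstance(value, str) or not value.strip():
        return None, "missing"
    cat = value.strip().upper()
    if cat in FORWARDER_TO_API:
        return FORWARDER_TO_API[cat], "converted"
    if cat in API_CATEGORIES:
        # Already the UI/API value, as an updated forwarder would send it.
        return cat, "unchanged"
    return None, "legacy" if cat in LEGACY_CATEGORIES else "unknown"


def normalize_alerts(ndjson_text):
    """Normalize newline-delimited JSON alerts; return (alerts, rejects)."""
    alerts, rejects = [], []
    for lineno, line in enumerate(ndjson_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            alert = json.loads(line)
        except json.JSONDecodeError:
            alert = None
        if not isinstance(alert, dict):
            rejects.append((lineno, "invalid record"))
            continue
        cat, note = normalize_category(alert.get("category"))
        if cat is None:
            rejects.append((lineno, note))  # surface it, never guess a mapping
            continue
        # Keep the forwarded value so the record can be traced back to S3.
        alerts.append({**alert, "forwarder_category": alert["category"], "category": cat})
    return alerts, rejects


# Constructed sample records; only the "category" field name is from the article.
SAMPLE = "\n".join([
    '{"id": "a1", "category": "WARNING"}', '{"id": "a2", "category": "NOTICE"}',
    '{"id": "a3", "category": "THREAT"}', '{"id": "a4", "category": "CRITICAL"}',
    "not-json",
])
```

Records returned in `rejects` carry their line number and reason, so a legacy or unrecognized category is reviewed rather than silently dropped from detection coverage.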