CB Response: No New Alerts After Editing Watchlist
Article ID: 292468
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
- No new alerts generated for a watchlist
- Alerts stopped after last watchlist update
- Event process document shows a tag for the watchlist
Environment
- CB Response Server: 6.4.0
Cause
The watchlist is recreated with an ID that does not match the notification setting ID (CB-27880).
Resolution
- This issue will be resolved in server 6.5.1
- Workarounds
  - A service restart should resolve the issue
  - If a restart is not possible
    - Copy the query from the affected watchlist
    - Delete the watchlist
    - Create a new watchlist with the query and notification settings
Additional Information
- There will be no alerts tied to the watchlist. A query to cbalerts on the back-end will confirm if any alerts are associated with the watchlist.