Carbon Black Cloud Integration not working

Good day to you all! Since a few days ago I have a problem with the Carbon Black Cloud Integration in Elastic 8.4.1 with Fleet server. The API's Keys happened to be working just fine, I received the alert and audit alerts, however one day in the middle of the day the alert data just stop working, I since then I am receiving just Audit logs. Here are some things that I've tried:

  • I regenerate the API Keys form the Carbon Black Console
  • I updated the Integration on the elastic Agent
  • I restarted the elastic agent.
  • I generate a API with all the admin permissions.
    However none of those thigs work, the logs form the elastic agent show:

{"log.level":"info","@timestamp":"2023-04-04T09:39:58.243-0500","log.logger":"input.httpjson-stateless","log.origin":{"":"httpjson/input.go","file.line":129},"message":"Process another repeated request.","":"filebeat","id":"httpjson-carbon_black_cloud.audit-d48dd880-4040-4dda-994d-173be2df1789","input_url":"","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-04-04T09:39:58.925-0500","log.logger":"input.httpjson-stateless","log.origin":{"":"httpjson/request.go","file.line":397},"message":"request finished: 0 events published","":"filebeat","id":"httpjson-carbon_black_cloud.audit-d48dd880-4040-4dda-994d-173be2df1789","input_url":"","ecs.version":"1.6.0"}

Which indicates the audit logs connection is working just fine And the Alert Data log is nowhere to be found.
I appreciate any suggestions or theories of what is going on.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.