Good day to you all! For a few days I have had a problem with the Carbon Black Cloud integration in Elastic 8.4.1 with Fleet Server. The API keys were working just fine and I received the alert and audit alerts; however, one day, in the middle of the day, the alert data just stopped working, and since then I have been receiving just audit logs. Here are some things that I've tried:
- I regenerated the API keys from the Carbon Black console.
- I updated the integration on the Elastic Agent.
- I restarted the Elastic Agent.
- I generated an API with all the admin permissions.
However, none of those things worked. The logs from the Elastic Agent show:
{"log.level":"info","@timestamp":"2023-04-04T09:39:58.243-0500","log.logger":"input.httpjson-stateless","log.origin":{"file.name":"httpjson/input.go","file.line":129},"message":"Process another repeated request.","service.name":"filebeat","id":"httpjson-carbon_black_cloud.audit-d48dd880-4040-4dda-994d-173be2df1789","input_url":"https://defense-prod05.conferdeploy.net/integrationServices/v3/auditlogs","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-04-04T09:39:58.925-0500","log.logger":"input.httpjson-stateless","log.origin":{"file.name":"httpjson/request.go","file.line":397},"message":"request finished: 0 events published","service.name":"filebeat","id":"httpjson-carbon_black_cloud.audit-d48dd880-4040-4dda-994d-173be2df1789","input_url":"https://defense-prod05.conferdeploy.net/integrationServices/v3/auditlogs","ecs.version":"1.6.0"}
Which indicates the audit logs connection is working just fine, and the alert data log is nowhere to be found.
I appreciate any suggestions or theories of what is going on.
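
One way to check from the agent log which httpjson inputs are actually logging, as an added example that is not part of the original post: it groups the JSON log lines by the dataset embedded in the `id` field and lists expected datasets that never appear. The dataset name `carbon_black_cloud.alert` and the function name are assumptions; the sample lines are constructed from the two lines in the post.

```python
import json
import re
from collections import defaultdict

# Input ids in the post look like "httpjson-<dataset>-<uuid>".
ID_RE = re.compile(
    r"^httpjson-(?P<dataset>[\w.]+)-[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$"
)
PUBLISHED_RE = re.compile(r"request finished: (\d+) events published")

# Assumption: the alert input is named like the audit one shown in the post.
EXPECTED = ["carbon_black_cloud.alert", "carbon_black_cloud.audit"]

# Constructed sample: the post's two log lines, trimmed, plus one junk line.
SAMPLE_LINES = [
    '{"log.level":"info","message":"Process another repeated request.",'
    '"id":"httpjson-carbon_black_cloud.audit-d48dd880-4040-4dda-994d-173be2df1789"}',
    '{"log.level":"info","message":"request finished: 0 events published",'
    '"id":"httpjson-carbon_black_cloud.audit-d48dd880-4040-4dda-994d-173be2df1789"}',
    "not json: truncated line",
]

def summarize_inputs(lines, expected):
    """Return (per-dataset stats, expected datasets that never logged)."""
    stats = defaultdict(lambda: {"lines": 0, "requests": 0, "events": 0, "problems": 0})
    for raw in lines:
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip non-JSON noise
        if not isinstance(rec, dict):
            continue
        match = ID_RE.match(str(rec.get("id", "")))
        if not match:
            continue  # not an httpjson input line
        entry = stats[match["dataset"]]
        entry["lines"] += 1
        if rec.get("log.level") in ("warn", "error"):
            entry["problems"] += 1
        published = PUBLISHED_RE.search(str(rec.get("message", "")))
        if published:
            entry["requests"] += 1
            entry["events"] += int(published.group(1))
    missing = sorted(set(expected) - set(stats))
    return dict(stats), missing

if __name__ == "__main__":
    per_input, silent = summarize_inputs(SAMPLE_LINES, EXPECTED)
    print(per_input)
    print("expected inputs with no log lines:", silent)
```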