VMware Carbon Black Cloud (using Function app) data connector not ingesting full three type of logs - Sentinel

[laylavo]

Describe the bug
A clear and concise description of what the bug is.

In VMware Carbon Black Cloud data connector, there are three types of logs: CarbonBlackEvents_CL, CarbonBlackAuditLogs_CL, CarbonBlackNotifications_CL

After deploy Azure Function app successfully, only one CarbonBlackAuditLogs_CL appears in LAW:

To Reproduce
Steps to reproduce the behavior:

• Deploy Azure Function App
• In Carbon Black Log Types, I have type: Audit, Events, Alert
• The deployment successful.
• Check the Function Apps details, there is no errors

Please advice!

[v-sudkharat]

Hi @laylavo, Thanks for flagging this issue, we will investigate this issue and get back to you with some updates by 15-05-2024. Thanks!

[laylavo]

hi @sudkharat, may i know is there any updates ?

[v-sudkharat]

Hey @laylavo, We need more time to check and investigate into this issue. Thanks!

[laylavo]

may i know the deadline because my cx pushes to update. Thanks

[v-sudkharat]

Sure, we will share update you by- 23-05-2024. Thanks!

[v-sudkharat]

Hi @laylavo, The CarbonBlackNotifications_CL is got deprecated as per Document and there is new Alert API to get Alert information. The API required the CarbonBlackOrgKey filed configured in the Environment Variable section of Function App. So kindly check on the below Highlighted parameter screenshot and fetch org_key details screenshot: -

org_key in console side:-