This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi there,
The Sentinel Connector for Carbon Black Cloud appears to be obsolete.
I pulled it from the content hub and installed it.
It uses an azure function.
The function is pointing to an obsolete api.
Has anyone made this work?
I wanted to check in and see if you had any other questions or if you were able to resolve this issue?
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 79%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPT%3C/text%3E%3C/svg%3E)
......
I can ask around internally. There is a stand alone S3 connector that might work for now. There is also a Ratings & Reviews tab that you might use to inform the author. There is also a general feedback form on the main solution page.
I wanted to check in and see if you had any other questions or if you were able to resolve this issue?
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
thanks Andrew.
I'm very willing to work with the author to troubleshoot this.
In the meantime I'm submitting a bug ticket to github.
Thank you for following up on this! Since you'll be working with the author to troubleshoot this and submitting a bug to GitHub, if you have any other questions please let us know.
Thank you for your time and patience throughout this issue.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
An update to the Carbon Black connector (Azure Functions' App) was released when the older APIs were deprecated/deactivated.
The current Azure Functions' App uses the APIs documented here:
https://developer.carbonblack.com/reference/carbon-black-cloud/cb-defense/latest/rest-api/
Get Audit Log Events
GET /integrationServices/v3/auditlogs
Get Notifications
GET /integrationServices/v3/notification
In addition, it also ingests EDR Events published to an S3 bucket. Configuration of the bucket is documented here - https://developer.carbonblack.com/reference/enterprise-response/connectors/event-forwarder/event-forwarder-s3-bucket-configuration/
Are you suggesting that these APIs are obsolete?
Apologies for not replying with an update on this.
I figured it all out and posted a blog about how to make it work here: