@Minghui Zou The Carbon Black connector for VMWare is still in preview and it seems the EVENT API on Carbon black side is deprecated : https://developer.carbonblack.com/reference/carbon-black-cloud/cb-defense/deprecated/rest-api/
The changes required might take some time till it reaches is public launch in Sentinel connector.
You might want to explore this Custom API key option and see if that will work for you : https://developer.carbonblack.com/reference/carbon-black-cloud/authentication/#creating-an-api-key
This URL also might come in handy while you try above : https://community.carbonblack.com/t5/Knowledge-Base/Carbon-Black-Cloud-What-URLs-are-used-to-access-the-APIs/ta-p/67346
If you need exact investigation details, you might have to open a support case for this.
-----------------------------------------------------------------------------------------------------------------
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.