• Check that the API keys are of the
correct key type.
• Check that the "Custom" Type API key has the
necessary permissions.
• Make sure the "Custom" and "API" Type Credentials are not switched up.
• Check if Polling under Settings > Data sub-tab is enabled.
• Make sure the respective Alerts type(s) (CB Analytics Alerts, Device Control Alerts, Watchlist Alerts) under Settings > Data sub-tab are enabled.
• If you use the Built-in input, make sure "Minimum Successful Events for Autodetection" in the Log Source Type configuration is set low enough. Details on how to set it up are available in step 4. of the
Installation & User Guide > Log Source Type Configuration.
• Once the app makes contact with the Carbon Black Cloud, it will start polling data. It might take a few minutes until QRadar starts recognising the incoming records as Carbon Black Cloud data. All data polled in the interim will be displayed in the Log Activity page as "Unknown log event" collected by "SIM Generic Log DSM-7".