The App Control server creates a hidden token that the Carbon Black EDR server uses to send back watchlist hits. This token is not visible in the console of either product, but can be retrieved from the database.
You can also enter the token manually on the Carbon Black EDR side for diagnostic purposes. If you think this token was compromised, or if your configuration stops working (for example, because the Carbon Black EDR server lost the token due to a reinstall or a manual token change), you can regenerate a new key.
To regenerate the authorization key for server communications:
- In the App Control console:
  - If you are running v7.2.3, select Administration > System Configuration and click the Licensing tab.
  - If you are running v8.0.0 or higher, click the Administration (gear) icon, select System Configuration, and click the Licensing tab.
- In the Carbon Black EDR panel, uncheck the Receive Watchlist Events box and click the Update button.
- Check the Receive Watchlist Events box and click the Update button. A new key is generated.
- Verify that there is a successful connection.