When using the sensorsearch command included as part of the VMware Carbon Black EDR On-Prem App I get a Python ValueError and only a small number or no results (depending on the query).

For example, the following query for all sensor information:

| sensorsearch

Which should return details of all sensors, instead returns details on between 5-20 sensors and the following stack trace:

   Error: error searching for None in Cb Response: invalid literal for int() with base 10: ''
   stacktrace: Traceback (most recent call last):
  File "C:\Program Files\Splunk\etc\apps\DA-ESS-CbResponse\bin\cbhelpers.py", line 120, in transform
    yield self.generate_result(result)
  File "C:\Program Files\Splunk\etc\apps\DA-ESS-CbResponse\bin\sensor_search.py", line 63, in generate_result
    result = super(SensorSearchCommand, self).generate_result(data)
  File "C:\Program Files\Splunk\etc\apps\DA-ESS-CbResponse\bin\cbhelpers.py", line 103, in generate_result
    rawdata = dict((field_name, getattr(data, field_name, "")) for field_name in self.field_names)
  File "C:\Program Files\Splunk\etc\apps\DA-ESS-CbResponse\bin\cbhelpers.py", line 103, in <genexpr>
    rawdata = dict((field_name, getattr(data, field_name, "")) for field_name in self.field_names)
  File "C:\Program Files\Splunk\etc\apps\DA-ESS-CbResponse\bin\cbapi\models.py", line 101, in __get__
    return coerce_type(value)
ValueError: invalid literal for int() with base 10: ''

Testing the API directly via curl using the same API key returns the expected results.

The app is installed on a search head running Splunk v7.2.5.1 on Windows Server 2016.

Version information:

• Splunk: v7.2.5.1 on Windows Server 2016
• VMware Carbon Black EDR On-Prem App: 2.1.4
• Carbon Black Response/EDR on prem server version: 7.4.1

Any help greatly appreciated.