Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Cb Response: Ingress Filtering With Non Standard UI/API Port

Cb Response: Ingress Filtering With Non Standard UI/API Port

Environment

  • Cb Response Server On Premise: 6.x and above
  • RHEL: All supported versions
  • CentOS: All supported versions

Objective

Implement ingress filters on Cb Response servers using a Web UI/API port other than 443 (e.g. 8443)

Resolution

Modify the ingress filter syntax from 'localhost' to '127.0.0.1:8443'

curl -XPOST -H "X-Auth-Token: <API-Token-Here>" -H "Content-Type: application/json" "https://localhost/api/v1/ingress_whitelist" -k -d '

[

  {

    "id":"test2",

    "global": false,

    "group_ids": [1, 2],

    "os_mask":1,

    "path_filters":["*\\unimportant.exe"]

  }

]'

TO

curl -XPOST -H "X-Auth-Token: <API-Token-Here>" -H "Content-Type: application/json" "https://127.0.0.1:8443/api/v1/ingress_whitelist" -k -d '

[

  {

    "id":"test2",

    "global": false,

    "group_ids": [1, 2],

    "os_mask":1,

    "path_filters":["*\\unimportant.exe"]

  }

]'

Additional Notes

Changing the 'localhost' field to '127.0.0.1:8443' is necessary for the filter to be interpreted correctly

Related Content

Ingress Filter Details - Carbon Black Developer Network

Cb Response: 6.x Ingress Filtering Fields

Cb Enterprise Response - Managing Retention.pdf

How To Determine Chatty Processes/Hosts in CbEvents

Labels (1)
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎06-27-2018
Views:
718
Contributors