logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

EDR: Error when adding Threat Feed: "Server error due to malformed syntax"

EDR: Error when adding Threat Feed: "Server error due to malformed syntax"

Environment

  • EDR 7.x and Higher
  • CBAPI

Symptoms

When creating a new Threat Intelligence Feed (EDR web interface > Threat Intelligence > Add new Feed), an error is returned: "Server error due to malformed syntax"

Cause

The provided Feed URL does not contain data with the current syntax or format.  

Resolution

  1. Refer to the EDR User Guide:
A threat intelligence feed can be created in any language that allows for building JSON, or you can build it by hand. One way to build a feed is to use the Carbon Black Feeds API (CBFAPI), which is located on github at:

https://github.com/carbonblack/cbfeeds.

The CBFAPI is a collection of documentation, example scripts, and a helper library to help create and validate Carbon Black EDR feeds. Regardless of how a feed is created, the feed file must match the feed structure (or schema) that the Feed Structure section of the CBFAPI documentation defines.
  1. Refer to the CBAPI documentation on GitHub for specific information on the required feed format

Related Content


Labels (2)
Labels:
Was this article helpful? Yes No
No ratings
Article Information
Author:
CB_Support
Creation Date:
‎05-04-2023
Views:
320
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.