Environment
Symptoms
When creating a new Threat Intelligence Feed (EDR web interface > Threat Intelligence > Add new Feed), an error is returned: "Server error due to malformed syntax"
Cause
The provided Feed URL does not contain data with the current syntax or format.
Resolution
- Refer to the EDR User Guide:
A threat intelligence feed can be created in any language that allows for building JSON, or you can build it by hand. One way to build a feed is to use the Carbon Black Feeds API (CBFAPI), which is located on github at:
https://github.com/carbonblack/cbfeeds.
The CBFAPI is a collection of documentation, example scripts, and a helper library to help create and validate Carbon Black EDR feeds. Regardless of how a feed is created, the feed file must match the feed structure (or schema) that the Feed Structure section of the CBFAPI documentation defines.
- Refer to the CBAPI documentation on GitHub for specific information on the required feed format.
Related Content
