Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

Environment

EDR Server: All versions

Objective

Execute an immediate Threat Intelligence feed sync to download latest threat intelligence for all feeds.

Resolution

For 6.2.1 and earlier EDR server versions, execute as root (master only on a cluster)

/usr/bin/python -m cb.maintenance.job_runner --master -s feed_sync --full-sync

For 6.2.2 and later EDR server versions, the "Sync all" option is available on the Threat Intelligence page under Actions

Additional Notes

Replace "-s" with "-vvv" in the commands when verbose output is required for validation. Using "-s" will generate a silent feed sync, while "-vvv" will generate verbose feed sync output.
If there are errors faced using the sync all option, there may be command options however utilising the console should be the first option

Related Content

EDR: How to tag/untag feed binaries and events
Synchronize Threat Intelligence Feeds

Article Information

Author:

Creation Date:

‎09-19-2018

Views:

1492

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.