
EDR: How to import/export feeds to an airgapped EDR instance?


Environment

  • EDR: All Supported

Objective

How can we export and import feeds into an airgapped EDR instance?

Resolution

  • EDR 7.5.0 introduced the /usr/share/cb/cbfeed_airgap script:
usage: cbfeed_airgap [-h] [-v] [-p EDR_PORT] {import,export} ...

VMware Carbon Black EDR feed import/export utility for air-gapped systems

positional arguments:
  {import,export}       Commands
    import              Import feeds from disk
    export              Export feeds to disk

optional arguments:
  -h, --help            show this help message and exit
  -v, --verbose         Provide more detailed output
  -p EDR_PORT, --port EDR_PORT
                        EDR port (default: 443)
  • Like other EDR airgap functions, this requires a networked EDR instance to pull the appropriate feeds.
  • To export feeds:
/usr/share/cb/cbfeed_airgap export
  • To export feeds when the UI uses a custom port (example: 8443):
/usr/share/cb/cbfeed_airgap -p 8443 export
  • Transfer the feeds directory to the airgapped machine (default export directory: /tmp/cbfeeds_airgap).
  • To import feeds:
/usr/share/cb/cbfeed_airgap import -f /tmp/cbfeeds_airgap/
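
Between the export and import steps the feeds directory leaves the networked server, so it is worth confirming on the airgapped side that it holds exactly the files that were exported before running the import. The following is an added example, not part of cbfeed_airgap or the original article: the script name feed_manifest.sh, the function names and the manifest path /tmp/cbfeeds_airgap.sha256 are assumptions, and it needs GNU coreutils and findutils on both servers.

```shell
#!/usr/bin/env bash
# Added example (not part of cbfeed_airgap): SHA-256 manifest for a feed
# export directory carried across an air gap. The function names and the
# manifest path are assumptions. Requires GNU coreutils and findutils.

# Networked server, after "cbfeed_airgap export":
# record a hash for every regular file under DIR into MANIFEST.
make_manifest() {
    local dir="$1" manifest="$2"
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # Relative paths keep the manifest valid if DIR differs between hosts.
    ( cd "$dir" && find . -type f -print0 | LC_ALL=C sort -z \
        | xargs -0 -r sha256sum -- ) > "$manifest"
}

# Airgapped server, before "cbfeed_airgap import -f DIR":
# returns 0 only if DIR holds exactly the listed files with the listed hashes.
verify_manifest() {
    local dir="$1" manifest="$2" listed present
    [ -d "$dir" ] && [ -s "$manifest" ] \
        || { echo "missing directory or empty manifest" >&2; return 2; }
    # 1. Every listed file must exist and match (modified or missing files).
    ( cd "$dir" && sha256sum --check --quiet - ) < "$manifest" >&2 || return 1
    # 2. The file set must equal the manifest's (files added in transit).
    listed=$(sed -E 's/^[0-9a-f]{64} [ *]//' "$manifest" | LC_ALL=C sort)
    present=$(cd "$dir" && find . -type f | LC_ALL=C sort)
    [ "$listed" = "$present" ] \
        || { echo "file set differs from manifest" >&2; return 1; }
}

# Usage:
#   networked:  feed_manifest.sh make   /tmp/cbfeeds_airgap /tmp/cbfeeds_airgap.sha256
#   airgapped:  feed_manifest.sh verify /tmp/cbfeeds_airgap /tmp/cbfeeds_airgap.sha256 \
#                 && /usr/share/cb/cbfeed_airgap import -f /tmp/cbfeeds_airgap/
case "${1:-}" in
    make)   make_manifest "$2" "$3" ;;
    verify) verify_manifest "$2" "$3" ;;
esac
```

The manifest is only as trustworthy as its own path across the gap: carry it separately from the feeds directory or compare its SHA-256 out of band, since whoever can alter the directory in transit can also regenerate a manifest that travels with it.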


 

Article Information
Creation Date: 08-11-2021