A. Install the connector

1. Add the Carbon Black open source yum repository:

       cd /etc/yum.repos.d
       curl -O https://opensource.carbonblack.com/release/x86_64/CbOpenSource.repo

2. Install the cb-yara-connector:

       yum install python-cb-yara-connector

3. Install the cb-yara-manager (optional):

       yum install python-cb-yara-manager
B. Configure the connector

1. Obtain the API token of a global admin user from the EDR database:

       psql cb -p 5002 -c "select username, auth_token from cb_user where global_admin=true;"

2. Create the yara configuration file from the shipped example:

       cd /etc/cb/integrations/yara/
       mv connector.conf.example yaraconnector.conf
       vi /etc/cb/integrations/cb-yara-connector/yaraconnector.conf

3. Modify yaraconnector.conf:

       mode=standalone
       cb_server_url=https://127.0.0.1
       cb_server_token=< API TOKEN from step B1 GOES HERE >
       broker_url=redis://127.0.0.1:6379
       num_days_binaries=365
       database_scanning_interval=900

   Notes: mode=standalone is used for both EDR cluster and EDR standalone environments (distribution comms now use EDR redis). num_days_binaries is the initial scan span; the default of 365 is best. database_scanning_interval defaults to 900, which is best; it cannot be less than 360.

4. Use the default rule (already included) to get cb-yara-connector working, then add rules later.

5. Restart the cb-yara-connector service:

       systemctl stop cb-yara-connector
       systemctl status cb-yara-connector
       systemctl start cb-yara-connector

6. Enable the Threat Intelligence Yara Feed tile:

   EDR Console > Threat Intelligence > Yara tile > click "Enabled".
   Notifications > "Create Alert".
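The following script is an added example, not part of the Carbon Black documentation or the connector itself: it sanity-checks a yaraconnector.conf before the service is restarted in step B5, catching a token placeholder left in place, a non-https server URL and a scanning interval below the 360-second floor from step B3. It assumes the key names shown in step B3 and a plain key=value file; the sample configs and the token value it writes are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not the project's code): validate yaraconnector.conf settings.

# Read the value of one key from a key=value file ($1 = file, $2 = key).
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# Return 0 when every check passes, 1 otherwise; print each failure.
check_yara_conf() {
    f="$1"; rc=0
    mode=$(conf_get "$f" mode)
    url=$(conf_get "$f" cb_server_url)
    token=$(conf_get "$f" cb_server_token)
    broker=$(conf_get "$f" broker_url)
    interval=$(conf_get "$f" database_scanning_interval)

    [ "$mode" = "standalone" ] || { echo "FAIL: mode should be standalone, got '$mode'"; rc=1; }
    case "$url" in https://*) ;; *) echo "FAIL: cb_server_url must use https"; rc=1 ;; esac
    # A real EDR API token never contains the angle brackets of the template placeholder.
    case "$token" in ""|*"<"*|*">"*) echo "FAIL: cb_server_token is empty or still a placeholder"; rc=1 ;; esac
    case "$broker" in redis://*) ;; *) echo "FAIL: broker_url must be a redis:// URL"; rc=1 ;; esac
    case "$interval" in
        ''|*[!0-9]*) echo "FAIL: database_scanning_interval must be a number"; rc=1 ;;
        *) [ "$interval" -ge 360 ] || { echo "FAIL: database_scanning_interval $interval is below 360"; rc=1; } ;;
    esac
    return $rc
}

# Write a constructed sample config ($1 = path, $2 = token value, $3 = interval).
write_sample_conf() {
    cat > "$1" <<EOF
[general]
mode=standalone
cb_server_url=https://127.0.0.1
cb_server_token=$2
broker_url=redis://127.0.0.1:6379
num_days_binaries=365
database_scanning_interval=$3
EOF
}

# Demo: one config as it should look, one with the placeholder and a too-short interval.
demo_dir=$(mktemp -d)
write_sample_conf "$demo_dir/good.conf" "0123456789abcdef0123456789abcdef01234567" 900  # constructed token
write_sample_conf "$demo_dir/bad.conf" "< API TOKEN from step B1 GOES HERE >" 120
check_yara_conf "$demo_dir/good.conf" && echo "good.conf: OK"
check_yara_conf "$demo_dir/bad.conf" || echo "bad.conf: rejected"
rm -rf "$demo_dir"
```

Run it against the real file with `check_yara_conf /etc/cb/integrations/cb-yara-connector/yaraconnector.conf` after sourcing the script.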
Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.