logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

EDR: Script airgap_feed.py Assumes Default Admin Is Enabled

EDR: Script airgap_feed.py Assumes Default Admin Is Enabled

Environment

EDR Server: 7.x

Symptoms

  • The command 'python3 /usr/share/cb/airgap_feed.py import -f /feeddump' produces the error:

File "/usr/share/cb/virtualenv/lib64/python3.8/site-packages/requests/models.py", line 941, in raise_for_status
raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 401 Client Error: UNAUTHORIZED for url: https://127.0.0.1:443/api/v1/feed”


Cause

  • The airgap_feed.py script relies on the default admin to be enabled:
cur.execute("select auth_token from cb_user where global_admin is true order by id limit 1;")

 

Resolution

  • Adding 'AND deleted is false' to the above line in airgap_feed.py script uses the auth_token from the first enabled global admin.
cur.execute("select auth_token from cb_user where (global_admin is true AND deleted is false) order by id limit 1;")

 

Additional Notes

  • CB-??

Labels (1)
Labels:
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
CB_Support
Creation Date:
‎06-15-2021
Views:
253
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.