Environment
EDR Server: 7.x
Symptoms
- The command 'python3 /usr/share/cb/airgap_feed.py import -f /feeddump' produces the error:
File "/usr/share/cb/virtualenv/lib64/python3.8/site-packages/requests/models.py", line 941, in raise_for_status
raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 401 Client Error: UNAUTHORIZED for url: https://127.0.0.1:443/api/v1/feed
Cause
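- The airgap_feed.py script relies on the default admin being enabled. It selects the auth_token of the first global admin by id without checking whether that account has been deleted: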
cur.execute("select auth_token from cb_user where global_admin is true order by id limit 1;")
Resolution
- Add 'AND deleted is false' to the above line in the airgap_feed.py script so that it uses the auth_token of the first enabled global admin:
cur.execute("select auth_token from cb_user where (global_admin is true AND deleted is false) order by id limit 1;")
Additional Notes
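The following is an added example, not part of airgap_feed.py or the original article. It runs the two queries quoted above against a constructed cb_user table to show which token each one selects. It assumes an in-memory SQLite table as a stand-in for the EDR database; the helper names (build_db, pick_token) and the sample rows are hypothetical.

```python
import sqlite3

# Queries as quoted on this page: the original line and the corrected line.
ORIGINAL = ("select auth_token from cb_user where global_admin is true "
            "order by id limit 1;")
FIXED = ("select auth_token from cb_user where (global_admin is true "
         "AND deleted is false) order by id limit 1;")

# Constructed sample rows: (id, auth_token, global_admin, deleted).
SAMPLE_USERS = [
    (1, "token-default-admin", True, True),   # default admin, since deleted
    (2, "token-analyst", False, False),       # enabled, but not a global admin
    (3, "token-second-admin", True, False),   # first enabled global admin
]


def build_db(rows):
    """Create an in-memory stand-in for cb_user with only the columns the query uses."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table cb_user (id integer primary key, auth_token text, "
                 "global_admin boolean, deleted boolean)")
    conn.executemany("insert into cb_user values (?, ?, ?, ?)", rows)
    return conn


def pick_token(conn, query):
    """Return the auth_token the query selects, or None when no row matches."""
    row = conn.execute(query).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    conn = build_db(SAMPLE_USERS)
    # The original query returns the deleted admin's token, which the API rejects.
    print("original query selects:", pick_token(conn, ORIGINAL))
    # The corrected query skips the deleted account.
    print("fixed query selects:   ", pick_token(conn, FIXED))
    # With no enabled global admin the corrected query returns no row at all.
    only_deleted = build_db([(1, "token-default-admin", True, True)])
    print("no enabled admin:      ", pick_token(only_deleted, FIXED))
```

If the corrected query returns no row, no enabled global admin exists and the import cannot authenticate until one is enabled.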