EDR: ThreatConnect playbook connector not updating threat reports on incremental sync

Environment

  • EDR Server: All Versions
  • ThreatConnect Playbook Connector

Symptoms

  • The feeds for the ThreatConnect playbook connector only sync every 24 hours, when the cron job runs the FULL sync.
  • Incremental syncs run via the cron job do not update the ThreatConnect threat reports.

Cause

The timestamps in the ThreatConnect JSON data are not being updated correctly by ThreatConnect.

Resolution

The ThreatConnect playbooks must be set up to regularly update the timestamps in the JSON files when changes are applied. The feed sync job will only pull new information when the timestamp shows a value that is past the time it last synced.
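
To confirm this cause before changing a playbook, the following added example (not Carbon Black or ThreatConnect code) compares two snapshots of a feed's JSON and flags reports whose content changed while the timestamp stayed at or before the last sync time. It assumes a feed layout with a top-level `reports` list whose entries carry `id`, an epoch-seconds `timestamp` and `iocs`; the function names and sample data are constructed for illustration.

```python
import hashlib
import json


def content_digest(report):
    """Hash everything in a report except its timestamp."""
    body = {k: v for k, v in report.items() if k != "timestamp"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def classify_reports(previous_feed, current_feed, last_sync):
    """Group current report ids by how an incremental sync would treat them.

    Assumed layout: {"reports": [{"id", "timestamp" (epoch seconds), "iocs"}]}.
    """
    old = {r["id"]: r for r in previous_feed.get("reports", [])}
    result = {"picked_up": [], "unchanged": [], "stale_timestamp": []}
    for report in current_feed.get("reports", []):
        before = old.get(report["id"])
        changed = before is None or content_digest(before) != content_digest(report)
        if report.get("timestamp", 0) > last_sync:
            result["picked_up"].append(report["id"])
        elif changed:
            # New or modified content, but the timestamp is not past the
            # last sync: an incremental sync would skip this report.
            result["stale_timestamp"].append(report["id"])
        else:
            result["unchanged"].append(report["id"])
    return result


# Constructed sample data (documentation-range addresses and names).
LAST_SYNC = 1_700_000_000
PREVIOUS = {"reports": [
    {"id": "r1", "timestamp": 1_699_990_000, "iocs": {"ipv4": ["192.0.2.10"]}},
    {"id": "r2", "timestamp": 1_699_990_000, "iocs": {"dns": ["a.example"]}},
    {"id": "r3", "timestamp": 1_699_990_000, "iocs": {"ipv4": ["192.0.2.30"]}},
]}
CURRENT = {"reports": [
    # r1: IOC added, timestamp not updated (the failure described above)
    {"id": "r1", "timestamp": 1_699_990_000, "iocs": {"ipv4": ["192.0.2.10", "192.0.2.11"]}},
    # r2: IOC added and timestamp updated
    {"id": "r2", "timestamp": 1_700_000_500, "iocs": {"dns": ["a.example", "b.example"]}},
    # r3: no change
    {"id": "r3", "timestamp": 1_699_990_000, "iocs": {"ipv4": ["192.0.2.30"]}},
    # r4: new report published with an old timestamp
    {"id": "r4", "timestamp": 1_699_000_000, "iocs": {"dns": ["c.example"]}},
]}

if __name__ == "__main__":
    print(json.dumps(classify_reports(PREVIOUS, CURRENT, LAST_SYNC), indent=2))
```

Any id listed under `stale_timestamp` is a report the playbook modified or created without moving its timestamp past the last sync.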

Creation Date: 09-09-2020