Environment
Symptoms
- Getting hits in Watchlists, feeds or queries for old VirusTotal reports
Cause
This is expected behavior not that the VirusTotal feed was deprecated in Cb Response and the feed is no longer updates via the CDC.
Resolution
- Enable the Cb Reputation Threat feed, instructions on page 253 of the user's guide:
- Replace all instances of alliance_score_virustotal: in wachlists, custom feeds and saved queries with alliance_score_srsthreat:
Related Content
A full explanation of the VirusTotal feed deprecation can be found here: [Complete ] VirusTotal Threat Feed in Cb Response is being deprecated in favor of the Cb Reputation ...