logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

How large a licence should I buy for the Virustotal Connector?

How large a licence should I buy for the Virustotal Connector?

Environment

Cb Response 6.1.x

Objective

Determine the license size to purchase for the Virustotal Feed based on average cbmodule documents

Resolution

You can try to compute an average on your server based on the cbmodules core by running the following command - adjusting for how far back you want to go and then dividing by the number of days:

curl -g "http://localhost:8080/solr/cbmodules/select?indent=on&q=server_added_timestamp:[NOW-90DAY%20TO%20NOW..." | grep numFound

The query above would collect the content generated in the last 90 days.

Example output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current

                                 Dload  Upload   Total   Spent    Left  Speed

119   238    0   238    0     0   3218      0 --:--:-- --:--:-- --:--:-- 17000

  "response":{"numFound":4210,"start":0,"docs":[]

Or a daily average of 47 documents over the past 90 days.

Related Content

[Updated Date] VirusTotal Threat Feed in Cb Response is being deprecated in favor of the Cb Reputati...

GitHub - carbonblack/cb-virustotal-connector: Cb Response integration with VirusTotal

Custom Threat Feeds: Replace VT Score with Cb Reputation Threat Score

Was this article helpful? Yes No
No ratings
Article Information
Author:
cmichaels
Creation Date:
‎10-27-2017
Views:
1042
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.