Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

How large a licence should I buy for the Virustotal Connector?

How large a licence should I buy for the Virustotal Connector?

Environment

Cb Response 6.1.x

Objective

Determine the license size to purchase for the Virustotal Feed based on average cbmodule documents

Resolution

You can try to compute an average on your server based on the cbmodules core by running the following command - adjusting for how far back you want to go and then dividing by the number of days:

curl -g "http://localhost:8080/solr/cbmodules/select?indent=on&q=server_added_timestamp:[NOW-90DAY%20TO%20NOW..." | grep numFound

The query above would collect the content generated in the last 90 days.

Example output:

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current

                                 Dload  Upload   Total   Spent    Left  Speed

119   238    0   238    0     0   3218      0 --:--:-- --:--:-- --:--:-- 17000

  "response":{"numFound":4210,"start":0,"docs":[]

Or a daily average of 47 documents over the past 90 days.

Related Content

[Updated Date] VirusTotal Threat Feed in Cb Response is being deprecated in favor of the Cb Reputati...

GitHub - carbonblack/cb-virustotal-connector: Cb Response integration with VirusTotal

Custom Threat Feeds: Replace VT Score with Cb Reputation Threat Score

Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎10-27-2017
Views:
529