Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

ThreatConnect Feed only contains old/outdated IOCs

ThreatConnect Feed only contains old/outdated IOCs

Version
Cb Response 5.x and 6.x


Issue

When navigating to Threat Intelligence>ThreatConnect>Threat Reports, IOC reports are old/outdated (From 2014)


Cause

The IOC reports provided by the out-of-box ThreatConnect Intelligence feed are what is provided for free from Threat Connect (which is normally a paid service) to the CarbonBlack community.  As long as IOCs are displayed, then your ThreatConnect is up-to-date and there is no product issue .

Solution

If you have a valid ThreatConnect account (paid service), you may get updated/recent IOCs via the ThreatConnect Bridge as per the following:

https://github.com/carbonblack/cb-threatconnect-connector

Once you properly install and configure this connector with your ThreatConnect credentials as per the documentation for this bridge, the feed will be updated with the appropriate IOCs provided by ThreatConnect via its paid service.

Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎08-16-2017
Views:
563
Contributors