Version
Carbon Black 5.x
Issue
VirusTotal Threat Intelligence Feed is not updating.
Symptoms
On the server, the update_timestamp for VirusTotal on alliance_feeds table has an old date.
Cause
Sensor group setting was not enabled for VirusTotal.
Solution
On the server, run this query to verify the last update:
psql -d cb -p 5002 -c "select id,name,update_timestamp from alliance_feeds where name = 'VirusTotal';"
On the UI, go to Administration > Sharing Setting and verify that VirusTotal is set to Enabled under Endpoint Activity Sharing.
Go to Administration > Sensors > Edit Settings and check the box for "Search binary hashes with VirusTotal" > Save Changes. Do this on each Sensor groups.