Version

Carbon Black 5.x

Issue

VirusTotal Threat Intelligence Feed is not updating.

Symptoms

On the server, the update_timestamp for VirusTotal on alliance_feeds table has an old date.

Cause

Sensor group setting was not enabled for VirusTotal.

Solution

On the server, run this query to verify the last update:

psql -d cb -p 5002 -c "select id,name,update_timestamp from alliance_feeds where name = 'VirusTotal';"

On the UI, go to Administration > Sharing Setting and verify that VirusTotal is set to Enabled under Endpoint Activity Sharing.

Go to Administration > Sensors > Edit Settings and check the box for "Search binary hashes with VirusTotal" > Save Changes. Do this on each Sensor groups.