logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

VirusTotal Threat Intelligence Feed is not updating

VirusTotal Threat Intelligence Feed is not updating

Version

Carbon Black 5.x

 

Issue

VirusTotal Threat Intelligence Feed is not updating.

 

Symptoms

On the server, the update_timestamp for VirusTotal on alliance_feeds table has an old date.

 

Cause

Sensor group setting was not enabled for VirusTotal.

 

Solution

On the server, run this query to verify the last update:

psql -d cb -p 5002 -c "select id,name,update_timestamp from alliance_feeds where name = 'VirusTotal';"

 

On the UI, go to Administration > Sharing Setting and verify that VirusTotal is set to Enabled under Endpoint Activity Sharing.

 

Go to Administration > Sensors > Edit Settings and check the box for "Search binary hashes with VirusTotal" > Save Changes. Do this on each Sensor groups.

Was this article helpful? Yes No
No ratings
Article Information
Author:
klazaga
Creation Date:
‎12-17-2015
Views:
1026
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.