Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

VirusTotal Threat Intelligence Feed is not updating

VirusTotal Threat Intelligence Feed is not updating

Version

Carbon Black 5.x

 

Issue

VirusTotal Threat Intelligence Feed is not updating.

 

Symptoms

On the server, the update_timestamp for VirusTotal on alliance_feeds table has an old date.

 

Cause

Sensor group setting was not enabled for VirusTotal.

 

Solution

On the server, run this query to verify the last update:

psql -d cb -p 5002 -c "select id,name,update_timestamp from alliance_feeds where name = 'VirusTotal';"

 

On the UI, go to Administration > Sharing Setting and verify that VirusTotal is set to Enabled under Endpoint Activity Sharing.

 

Go to Administration > Sensors > Edit Settings and check the box for "Search binary hashes with VirusTotal" > Save Changes. Do this on each Sensor groups.

Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎12-17-2015
Views:
763