Version

This solution applies to Carbon Black versions less than 5.0.

Issue

Email notifications for the Watchlist "Alliance: VirusTotal Score > 3" are received at 3:55 AM.

Solution

This is a known issue, and the fix is included in v5.0. Workaround the issue by adding an additional cron job. Perform the following:

1. Create a backup of the file:

/etc/cb/cron/cb.cron.template

2. Add the following two new lines to the cb.cron.template file:

# ENT-3729 - VirusTotal cron job to fix 3:55 AM emails. 38 * * * * root /usr/bin/python -m cb.maintenance.job_runner --master -s feed_search --tag --iocs md5 --feed VirusTotal --min-date=$(date -u --date='1 day ago' +\%s) >> /var/log/cb/job-runner/startup.out 2>&

3. Restart the services:

service cb-enterprise restart

4. Ensure that the file was update with these new lines from the template file:

/etc/cron.d/cb

5. Confirm the notifications are also received outside of 3:55 AM.