EDR: Feeds Do Not Import Successfully Into an Air-Gapped EDR Container Install

Environment

  • Containerized EDR Server: 7.8.0
  • Linux: All Supported

Symptoms

  • Importing feeds from outside the container produces no error message, but the feeds do not appear in the UI after the import
  • When attempting to import the feeds from inside the container, you receive the following error:
    Importing Threat Intelligence feeds from /root/feeds
    Expecting value: line 1 column 1 (char 0)
    Traceback (most recent call last):
      File "/usr/share/cb/virtualenv/lib/python3.10/site-packages/requests/models.py", line 971, in json
        return complexjson.loads(self.text, **kwargs)
      File "/usr/share/cb/virtualenv/lib/python3.10/site-packages/simplejson/__init__.py", line 525, in loads
        return _default_decoder.decode(s)
      File "/usr/share/cb/virtualenv/lib/python3.10/site-packages/simplejson/decoder.py", line 370, in decode
        obj, end = self.raw_decode(s)
      File "/usr/share/cb/virtualenv/lib/python3.10/site-packages/simplejson/decoder.py", line 400, in raw_decode
        return self.scan_once(s, idx=_w(s, idx).end())
    simplejson.errors.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

Cause

  • This issue is caused by incorrect information returned by the import API
  • The API looks for feeds in a Postgres feeds table; when that table does not have any data, the API returns an error

Resolution

As a workaround, import a single feed manually through the Web Console; the cbfeeds import will then work as expected.

Article Information
Creation Date: 09-21-2023