Environment
Cb Response 6.1.x
Objective
Determine the license size to purchase for the Virustotal Feed based on average cbmodule documents
Resolution
You can try to compute an average on your server based on the cbmodules core by running the following command - adjusting for how far back you want to go and then dividing by the number of days:
The query above would collect the content generated in the last 90 days.
Example output:
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 119 238 0 238 0 0 3218 0 --:--:-- --:--:-- --:--:-- 17000 "response":{"numFound":4210,"start":0,"docs":[] |
Or a daily average of 47 documents over the past 90 days.
Related Content
[Updated Date] VirusTotal Threat Feed in Cb Response is being deprecated in favor of the Cb Reputati...
GitHub - carbonblack/cb-virustotal-connector: Cb Response integration with VirusTotal
Custom Threat Feeds: Replace VT Score with Cb Reputation Threat Score