EDR: Alerts generated for ignored Abuse.ch reports
Article ID: 284795
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
- Feodo report in Abuse.ch is set to Ignore but continues to send alerts
- Alerts are for old events
Environment
- EDR Server: 6.x and Higher (Formerly CB Response)
Cause
The jobs that tag events is not respecting the Ignore setting - CB-27722
Resolution
- This is resolved in EDR Server 7.5.0
- As a workaround, old binaries can be removed for the server
-
/usr/share/cb/virtualenv/bin/python -m cb.maintenance.job_runner --master feed_search --tag --iocs md5 --scrub --feed abusech
-
Additional Information
The workaround will not prevent alerts for new events related to a binary
Feedback
Yes
No
Powered by
