EDR: Cannot import feeds in airgapped server
book
Article ID: 284982
calendar_today
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
- Terminal shows 500 responses after the script is run
filepath = /home/user/updateFeeds/feeds/tor.json
Failed... tor (Error Code: 500)
- /var/log/cb/coreservices/debug.log shows permission denied
cb.flask.blueprint_helpers - Unhandled exception from API request: [Errno 13] Permission denied: '//home/user/updateFeeds/feeds/Bit9AdvancedThreats.json'
Environment
- EDR Airgapped Server: All Versions
- Feeds imported with airgap_feed.py
Cause
User permissions are not allowing the script to access the feed files
Resolution
Update permissions on the feeds file path so the user executing the script as well as the cb user have read access.
Feedback
thumb_up
Yes
thumb_down
No