EDR: Cannot import feeds in airgapped server
search cancel

EDR: Cannot import feeds in airgapped server

book

Article ID: 284982

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • Terminal shows 500 responses after the script is run
filepath = /home/user/updateFeeds/feeds/tor.json
Failed... tor (Error Code: 500)
  • ​​​/var/log/cb/coreservices/debug.log shows permission denied 
cb.flask.blueprint_helpers - Unhandled exception from API request: [Errno 13] Permission denied: '//home/user/updateFeeds/feeds/Bit9AdvancedThreats.json'

 

Environment

  • EDR Airgapped Server: All Versions
  • Feeds imported with airgap_feed.py

Cause

User permissions are not allowing the script to access the feed files

Resolution

Update permissions on the feeds file path so the user executing the script as well as the cb user have read access.