Threat Intelligence feeds that are updated by Carbon Black versus 3rd Parties

Article ID: 285690

Products

  • Carbon Black EDR (formerly Cb Response)
  • Carbon Black Hosted EDR (formerly Cb Response Cloud)

Issue/Introduction

Which Threat Intelligence feeds are updated by Carbon Black, and which are updated by 3rd parties?

Environment

  • EDR Server: All Versions
  • Threat Intelligence Feeds

Resolution

  • Carbon Black
    • Requires Binary Sharing
      • Reputation Trust
      • Reputation Threat
    • Does not require Binary Sharing to update
      • Advanced Threat
      • Early Access
      • Endpoint Visibility
      • Suspicious Feeds
      • Banning Events
      • Community
      • EMET Protection
      • Tamper Detection
      • Known IOC Feed
      • Cb Inspection (No longer supported)
  • 3rd Party and Open Source
    • Requires Binary Sharing to update
      • NVD (National Vulnerability Database)
    • Does not require Binary Sharing to update
      • Abuse.ch
      • AlienVault Open Threat Exchange (OTX)
      • ThreatExchange
      • SANS
      • TOR
      • ThreatConnect
      • ATT&CK Framework



 

Additional Information

  • 3rd Party and Open Source feeds are not owned or updated by the EDR product. The 3rd party provider is responsible for updating the feeds.
  • The EDR tool uses a JSON format to receive the feed data and stores it in Solr. Some of the 3rd party feeds use an API, and a connector converts that data to the correct JSON format. The update may fail if the vendor changes the APIs or the format they send the data in.
  • Feeds that require sharing of binaries may not update. They only update when a suspected hash matches an entry that the databases list as possibly malicious.