Duplicated Server Token Causes Incorrect Reporting and Incorrect Binary Downloads
book
Article ID: 285724
calendar_today
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
SRS Threat and Reputation Trust have reports not associated with binaries in the environment (when sharing binaries), potentially causing no hits when the binary is seen again.
Stats are not being reported correctly to Alliance when sharing
Environment
EDR: All Versions
Cause
When copying the /etc/cb/ directory items to a secondary server or cloning directly from an original server install. This causes duplicated server.tokens that are used by Alliance to uniquely identify the server belonging to the communication