- On the EDR server, create the file CbOpenSource.repo
cd /etc/yum.repos.d
curl -O https://opensource.carbonblack.com/release/x86_64/CbOpenSource.repo
- Install the connecter
sudo yum install python-cbtaxii
- Use the supplied sample configuration file as the basis of the configuration file:
cp /etc/cb/integrations/cbtaxii/cbtaxii.conf.example /etc/cb/integrations/cbtaxii/cbtaxii.conf
- From here, one or more TAXII services can be configured. An example configuration file can be seen here
- Once the cbtaxii.conf file has been fully configured, run the cbtaxii command:
/usr/share/cb/integrations/cbtaxii/cbtaxii -c /etc/cb/integrations/cbtaxii/cbtaxii.conf
- After 10 minutes or so, check the Threat Intel page and verify there is a new CBtaxii feed that has been created.