EDR: How To Install Yara Connector When Server is not Connected to Internet

Article ID: 286372

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

How to install the Yara Connector when the EDR server does not have internet access.

Environment

  • EDR (formerly known as CB Response Server): All Versions
  • Yara Connector: Version 1.3

Resolution

  1. Download the Yara Connector .rpm file onto a Linux box with internet access (-O saves the file under its remote name; -k tells curl to skip TLS certificate verification):
       curl -Ok https://opensource.carbonblack.com/release/x86_64/python-cb-yara-connector-1.3-6.x86_64.rpm
  2. Move the .rpm onto the offline box
  3. Install the rpm with yum and configure the Yara connector:
    1. Copy the 'python-cb-yara-connector-1.3-6.x86_64.rpm' file to the '/etc/yum.repos.d' directory
    2. Run the following command to install the connector: yum install python-cb-yara-connector
    3. Copy '/etc/cb/integrations/yara/connector.conf.example' to '/etc/cb/integrations/yara/connector.conf'
    4. Place the Carbon Black API key into the 'carbonblack_server_token' variable
    5. Place the Carbon Black Server's base URL into the 'carbonblack_server_url' variable
    6. Point the Yara connector to a directory of Yara rule files by editing the 'yara_rule_directory' variable (a set of example rules is included in the /usr/share/cb/integrations/yara/example_rules directory)
    7. Start the 'cb-yara-connector' service by running the following command as the 'root' user:
       service cb-yara-connector start
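
A pre-start check for the configuration steps above, added here as an example; it is not part of the original article or the connector's own code. It assumes connector.conf uses plain key=value lines and that the EDR server is reached over HTTPS; conf_get and check_connector_conf are hypothetical helper names.

```shell
#!/bin/sh
# Added example: verify connector.conf before starting cb-yara-connector.
# Assumption: the file holds plain "key=value" lines (format not shown on the page).

# Print the value of KEY in CONF; commented-out lines are ignored, last match wins.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# Return 0 when CONF looks ready; otherwise print each problem and return 1.
check_connector_conf() {
    local conf="$1" rc=0 token url rules mode
    [ -r "$conf" ] || { echo "missing or unreadable: $conf"; return 1; }

    token=$(conf_get "$conf" carbonblack_server_token)
    url=$(conf_get "$conf" carbonblack_server_url)
    rules=$(conf_get "$conf" yara_rule_directory)

    [ -n "$token" ] || { echo "carbonblack_server_token is empty"; rc=1; }

    # Assumption: the API key should only ever travel over HTTPS.
    case $url in
        https://?*) ;;
        *) echo "carbonblack_server_url is not an https:// URL: '$url'"; rc=1 ;;
    esac

    if [ ! -d "$rules" ]; then
        echo "yara_rule_directory does not exist: '$rules'"; rc=1
    elif [ -z "$(find "$rules" -type f | head -n 1)" ]; then
        echo "yara_rule_directory contains no rule files: $rules"; rc=1
    fi

    # The file stores an API key, so "other" users should not be able to read it.
    mode=$(stat -c '%a' "$conf")    # GNU stat, as found on yum-based systems
    case $mode in
        *[4567]) echo "$conf is world-readable (mode $mode)"; rc=1 ;;
    esac
    return $rc
}

# Stand-alone use: sh check.sh /etc/cb/integrations/yara/connector.conf
[ $# -eq 0 ] || check_connector_conf "$1"
```

Run it after step 6 and before starting the service; a non-zero exit status means at least one of the printed problems needs fixing first.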