Enterprise EDR: How Frequently are Watchlist Feeds Updated?
search cancel

Enterprise EDR: How Frequently are Watchlist Feeds Updated?

book

Article ID: 287090

calendar_today

Updated On:

Products

Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

How Often are Watchlist Feeds Modified? 

Environment

  • Enterprise EDR Console: All Versions

Resolution

  • How frequently the watchlist feed is updated depends on the feed in question. 
  • Some watchlist feeds are rare to update, as they are looking for behaviors that do not change very often. 
  • Other watchlist feeds like 'TOR IP list' receive an update every 30 minutes. 

Additional Information

  • Navigate to Console >> Enforce (Watchlists) >> Select  Watchlist Report >> Drill-down to report name>> The recent timestamp of last update will appear on the right hand side of the report name. 
  • User-added image
  • Example: Execution - Command And Scripting Interpreter Execution Last updated:9:59:15am, Mar 1, 2022     
Powered by Wolken Software