How to remove duplicate Threat Intel Feed entries from the Threat Intel Feeds page in the console.

• EDR Server: All Versions

1. Stop the CB services: 

service cb-enterprise stop

2. Start only the Postgres service: 

service cb-pgsql start

3.  Backup the alliance_feeds table: 

pg_dump -C -Fp -t alliance_feeds -f /var/log/cb/case<CASE#>_feeds.sql cb -p 5002

4. Delete the duplicate feed entries by ID. Be sure the <IDOFDUPE> value is the duplicate feed, if the wrong feed is deleted, the backup must be restored: 

psql -d cb -p 5002 -c "delete from alliance_feeds where id = '<IDOFDUPE>';"

5. Start the other CB services: How to restart server services

• Multiple duplicates can be deleted at once by modifying the deletion command to include multiple entries.
• The ID of a duplicate entry can be found in the alliance_feeds table under the ID column