EDR: Custom Threat Feed not working after update
search cancel

EDR: Custom Threat Feed not working after update

book

Article ID: 287791

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • Custom feed not providing updated threat reports.
  • Running curl to verify the Feed ID results in error: 
    curl 'http://127.0.0.1:8080/solr/cbfeeds/select?q=feed_id:XX@wt=json&indent=true'
<?xml version="1.0" encoding="UTF-8"?>
<response>

<lst name="responseHeader">
  <int name="status">400</int>
  <int name="QTime">20</int>
  <lst name="params">
    <str name="q">feed_id:XX@wt=json</str>
    <str name="indent">true</str>
  </lst>
</lst>
<lst name="error">
  <lst name="metadata">
    <str name="error-class">org.apache.solr.common.SolrException</str>
    <str name="root-error-class">org.apache.solr.common.SolrException</str>
  </lst>
  <str name="msg">Invalid Number: XX@wt=json</str>
  <int name="code">400</int>
</lst>
</response>

Environment

  • EDR Server: 6.X

Cause

Misconfigured settings within cbfeeds.

Resolution

Confirm custom feeds are built based on steps provided on theĀ Github page for CBFeeds.
Powered by Wolken Software