CB Response: How to purge the Yara 1.x database
search cancel

CB Response: How to purge the Yara 1.x database

book

Article ID: 288068

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

To purge the Yara database, most typically in order to allow the system to re-scan all binaries in the deployment. 

Environment

  • CB Response: 6.x
  • CB Yara connector 1.x

Resolution

  1. Log into the CB Response master server
  2. Delete: /usr/share/cb/integrations/yara/db/sqlite.db
  3. Restart the Yara connector:  
# service cb-yara-connector restart

 

Additional Information

A new sqlite.db file will be created after the cb-yara-connector process begins. 
Powered by Wolken Software