Cb Response Cloud: Binary hash sharing not enabled and Malicious processes not given threat score

Article ID: 288092

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • "Share Binary hashes with Carbon Black" is disabled in the Sensors > Group > Sharing settings. 
  • Malicious processes are not being tagged by Cb Reputation or other Threat Feeds. 

Environment

  • Cb Response Cloud (6.2.x)

Cause

Malicious processes are not given a Cb Reputation score while binary hash sharing is disabled. Hash sharing should always be enabled for all Cb Response Cloud customers, but in some cases, for reasons unknown, some sensor groups do not have this setting enabled.

Resolution

  1. Identify the group ID value for the affected sensor group.
  2. Open a case with Cloud Ops and ask them to run the following Postgres commands:

     INSERT INTO alliance_data_sharing (date_added, date_deleted, active, group_id, who, what)
     VALUES (now()::timestamptz, NULL, true, <Sensor Group ID>, 'BIT9', 'HASH');

     and

     INSERT INTO alliance_data_sharing (date_added, date_deleted, active, group_id, who, what)
     VALUES (now()::timestamptz, NULL, true, <Sensor Group ID>, 'BIT9', 'BIN');

     Be sure to replace <Sensor Group ID> with the ID from step 1.
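A guarded form of the two inserts above, followed by a verification query, written as an added example and not taken from the original article or from Carbon Black. It assumes that a row with active = true and date_deleted IS NULL means the share is already enabled for that group, and it uses the constructed group ID 42 in place of <Sensor Group ID>.

```sql
-- Added example: insert each sharing row only if an active one is not
-- already present, so re-running the fix does not create duplicates.
-- 42 is a constructed sample value; use the group ID from step 1.
BEGIN;

INSERT INTO alliance_data_sharing
    (date_added, date_deleted, active, group_id, who, what)
SELECT now()::timestamptz, NULL, true, 42, 'BIT9', 'HASH'
WHERE NOT EXISTS (
    SELECT 1
    FROM alliance_data_sharing
    WHERE group_id = 42
      AND who = 'BIT9'
      AND what = 'HASH'
      AND active                 -- assumption: active + not deleted = enabled
      AND date_deleted IS NULL
);

INSERT INTO alliance_data_sharing
    (date_added, date_deleted, active, group_id, who, what)
SELECT now()::timestamptz, NULL, true, 42, 'BIT9', 'BIN'
WHERE NOT EXISTS (
    SELECT 1
    FROM alliance_data_sharing
    WHERE group_id = 42
      AND who = 'BIT9'
      AND what = 'BIN'
      AND active
      AND date_deleted IS NULL
);

-- Verify before committing: expect one active HASH row and one active
-- BIN row for the group, each with date_deleted left NULL.
SELECT group_id, who, what, active, date_added, date_deleted
FROM alliance_data_sharing
WHERE group_id = 42
  AND who = 'BIT9'
ORDER BY what, date_added;

COMMIT;
```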