EDR: Error when adding Threat Feed: "Server error due to malformed syntax"
Article ID: 288116
Products
Carbon Black EDR (formerly Cb Response)
Carbon Black Hosted EDR (formerly Cb Response Cloud)
Issue/Introduction
When creating a new Threat Intelligence Feed (EDR web interface > Threat Intelligence > Add new Feed), an error is returned: "Server error due to malformed syntax"
Environment
EDR 7.x and Higher
CBAPI
Cause
The provided Feed URL does not contain data with the current syntax or format.
A threat intelligence feed can be created in any language that allows for building JSON, or you can build it by hand. One way to build a feed is to use the Carbon Black Feeds API (CBFAPI), which is located on GitHub at:
https://github.com/carbonblack/cbfeeds
The CBFAPI is a collection of documentation, example scripts, and a helper library to help create and validate Carbon Black EDR feeds. Regardless of how a feed is created, the feed file must match the feed structure (or schema) that the Feed Structure section of the CBFAPI documentation defines.
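A pre-flight check along these lines can show why a feed body is rejected before its URL is entered in the EDR console. This is an added example, not code from this article or from the cbfeeds project: the required key names, IOC type names and score range are assumptions summarised from the CBFAPI Feed Structure documentation, and `check_feed` and `SAMPLE` are hypothetical names. The validation tooling in the cbfeeds repository remains the authoritative check.

```python
import json
import re

# Key names assumed from the CBFAPI "Feed Structure" section; confirm in the repo docs.
FEEDINFO_REQUIRED = {"name", "display_name", "provider_url", "summary", "tech_data"}
REPORT_REQUIRED = {"id", "timestamp", "link", "title", "score", "iocs"}
IOC_TYPES = {"ipv4", "ipv6", "dns", "md5", "sha256", "ja3", "ja3s", "query"}
HASH_LEN = {"md5": 32, "sha256": 64}

def check_feed(text):
    """Return a list of problems in a feed document; an empty list means none found."""
    try:
        feed = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(feed, dict):
        return ["top level is not a JSON object"]
    info = feed.get("feedinfo")
    if not isinstance(info, dict):
        return ["feedinfo: missing or not an object"]
    problems = [f"feedinfo: missing '{k}'" for k in sorted(FEEDINFO_REQUIRED - info.keys())]
    reports = feed.get("reports")
    if not isinstance(reports, list):
        return problems + ["reports: missing or not a list"]
    for n, rep in enumerate(reports):
        where = f"reports[{n}]"
        if not isinstance(rep, dict):
            problems.append(f"{where}: not an object")
            continue
        problems += [f"{where}: missing '{k}'" for k in sorted(REPORT_REQUIRED - rep.keys())]
        score = rep.get("score", 0)
        if type(score) is not int or not -100 <= score <= 100:
            problems.append(f"{where}: score must be an integer from -100 to 100")
        iocs = rep.get("iocs")
        for kind, values in (iocs.items() if isinstance(iocs, dict) else []):
            if kind not in IOC_TYPES:
                problems.append(f"{where}: unknown IOC type '{kind}'")
            elif kind in HASH_LEN and isinstance(values, list):
                pattern = r"[0-9a-fA-F]{%d}" % HASH_LEN[kind]
                problems += [f"{where}: bad {kind} value '{v}'" for v in values
                             if not re.fullmatch(pattern, str(v))]
    return problems

# Constructed sample: the report lacks 'link' and its md5 is one character short.
SAMPLE = json.dumps({
    "feedinfo": {"name": "examplefeed", "display_name": "Example Feed", "summary": "demo",
                 "provider_url": "https://feeds.example.com", "tech_data": "constructed"},
    "reports": [{"id": "r-1", "timestamp": 1700000000, "title": "demo", "score": 50,
                 "iocs": {"md5": ["d41d8cd98f00b204e9800998ecf8427"]}}]})
```

Pass `check_feed()` the exact response body served at the Feed URL; a response that is an HTML error page or a redirect body fails at the JSON parsing step.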