EDR: ThreatConnect playbook connector not updating threat reports on incremental sync
Article ID: 289084
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
- The feeds for the ThreatConnect playbook connector only sync every 24 hours during the cron for the FULL sync.
- Incremental syncs run via the cron job do not update the ThreatConnect threat reports
Environment
- EDR Server: All Versions
- ThreatConnect Playbook Connector
Cause
The timestamps in the ThreatConnect json data are not being updated correctly by ThreatConnect.
Resolution
The ThreatConnect playbooks must be setup to regularly update the timestamps in the json files when changes are applied. The feed sync job will only pull new infromation when the timestamp shows a value that is past the time it last synced.
Feedback
Yes
No
Powered by
