EDR: ThreatConnect Feed only contains old/outdated IOCs

Article ID: 289128

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

The ThreatConnect feed shows only old and outdated IOC reports and does not update regularly like other threat intelligence feeds.

Environment

  • EDR Server: All Versions
  • ThreatConnect built-in feed

Cause

The out-of-box ThreatConnect Intelligence feed contains only the IOC reports that ThreatConnect (normally a paid service) provides for free to the Carbon Black community.

Resolution

With a valid ThreatConnect account (paid service), updated/recent IOCs are delivered through the ThreatConnect connector, available at https://github.com/carbonblack/cb-threatconnect-connector.

Additional Information

  • Once properly installed and configured, this connector will update with the appropriate IOCs provided by ThreatConnect via its paid service.
  • As long as IOCs are displayed, ThreatConnect is up to date and there is no product issue.