EDR: The CB Reputation Threat Feed (srsthreat) does not update
search cancel

EDR: The CB Reputation Threat Feed (srsthreat) does not update

book

Article ID: 289990

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

When navigating to the Threat Intelligence > CB Reputation Threat > Threat Reports page, and sorting by "mostly recently updated", the threat reports have not been updated for several weeks or months.

Environment

  • EDR Server (formerly CB Response): All Versions
  • Hosted EDR Server (formerly CB Response Cloud): All Versions

Cause

This is working as intended because the CB Reputation Threat Feed is a server specific feed. Due to the size of the CB Reputation Threat feed, it works differently from other first party feeds: all threat reports are not downloaded locally onto the system unless a hash currently exists or has existed in the past in your environment. 

Resolution

This is working as intended.
Powered by Wolken Software