CB Response: Watchlist query missing when generated from a feed
search cancel

CB Response: Watchlist query missing when generated from a feed

book

Article ID: 290602

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • Watchlists created from a Threat Intelligcene Feed have a query of cb.urlver=1
  • Error in job-runner logs 
    • ERROR: [watchlist_search] ERROR: Required parameter 'search_query' is missing from watchlist 354 (SRSThreat Watchlist).

       

Environment

  • CB Response Server: 6.2.3
  • Linux: All Supported Versions

Cause

This is due to a know issue, CB-20781

Resolution

Upgrade to CB Response Server 6.2.4 or higher

Additional Information

Threat Intelligence Feed results can still be added to manually created watchlists 
Powered by Wolken Software