CB Response: Custom IOC Feed Threat Report not syncing with cluster
Article ID: 291245
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
- A new custom IOC-based threat feed is added to the console successfully, but no threat reports show up in the console
- Job-Runner startup.log has the following error:
OSError: [Errno 11] Resource temporarily unavailable
Environment
- CB Response Server: All Versions
- Custom IOC based threat feed
Cause
On RHEL/CentOS, the default process limit for all users except root is 1024.
Resolution
- On all cluster nodes, edit the /etc/security/limits.d/90-nproc.conf file
- Change the line with the "*"
- Original value: * soft nproc 1024
- New value: * soft nproc 2048
- After saving the file, the changes should be picked up the next time the cron jobs are kicked off (every 10 minutes).
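The same edit as a repeatable script for each cluster node, added here as an example and not taken from the vendor article. The function names and the `--apply` switch are assumptions made for illustration; the `cb` account is the one named in the crond log.

```shell
#!/bin/sh
# Added example, not vendor code. LIMITS_FILE is the path named in the article.
LIMITS_FILE=/etc/security/limits.d/90-nproc.conf

# Print the value of the last active "* soft nproc <N>" line in a limits file.
# Commented-out lines are skipped because their first field is not "*".
wildcard_soft_nproc() {
    awk '$1 == "*" && $2 == "soft" && $3 == "nproc" { v = $4 }
         END { if (v != "") print v }' "$1"
}

# Raise the "* soft nproc" value in file $1 to $2, keeping a .bak copy.
# A value that is already equal, higher, or unlimited is left untouched.
raise_wildcard_soft_nproc() {
    file=$1
    new=$2
    cur=$(wildcard_soft_nproc "$file")
    case $cur in
        '') echo "no active '* soft nproc' line in $file" >&2; return 1 ;;
        unlimited|infinity|-1) return 0 ;;
        *[!0-9]*) echo "unexpected nproc value '$cur' in $file" >&2; return 1 ;;
    esac
    if [ "$cur" -ge "$new" ]; then
        return 0
    fi
    cp -p "$file" "$file.bak" || return 1
    # Write back into the existing file so its owner and mode are unchanged.
    awk -v new="$new" '
        $1 == "*" && $2 == "soft" && $3 == "nproc" {
            print "*          soft    nproc     " new; next
        }
        { print }' "$file.bak" > "$file"
}

# Count running tasks (processes and threads) owned by a user; nproc counts both.
task_count() {
    ps -eLo user= | awk -v u="$1" '$1 == u { n++ } END { print n + 0 }'
}

# Run as root on each cluster node: sh raise_nproc.sh --apply
if [ "${1:-}" = "--apply" ]; then
    echo "cb tasks now: $(task_count cb), soft limit: $(wildcard_soft_nproc "$LIMITS_FILE")"
    raise_wildcard_soft_nproc "$LIMITS_FILE" 2048
    echo "soft limit after edit: $(wildcard_soft_nproc "$LIMITS_FILE")"
fi
```

Comparing the task count for `cb` with the soft limit before the edit shows whether the account was actually at the ceiling when the job-runner error was logged.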
Additional Information
The crond log may display the following errors:
(CRON) ERROR (setreuid failed): Resource temporarily unavailable
(cb) ERROR (failed to change user)