Threat Intel Page is Blank or Not Updating.

Article ID: 379503

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

The Threat Intel page is blank, or enabled feeds are not updating. The following 400 error appears in /var/log/cb/coreservices/debug.log:

requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: https://api.alliance.carbonblack.com/api/v1/feeds/?negative_scores=True&ioc_type_class=True&ioc_type_query=True&version=7.8.0.230722.708

Environment

  • Carbon Black EDR Server: All Versions

Cause

The carbonblack-alliance-client.crt certificate has expired.

Resolution

  1. From the entitlements page for the EDR licenses, download the .rpm file with 1.0.4 or higher in the filename
    1. If the rpm does not exist, reach out to support to generate the RPM file. 
  2. Move the .rpm file onto the backend of the EDR server in a terminal session.
  3. Run this command to install the certificate.
    rpm -ivh --force <filename>.rpm
  4. Restart the EDR services. 
    Standalone:
    /usr/share/cb/cbservice cb-enterprise restart
    
    Cluster:
    /usr/share/cb/cbcluster stop && /usr/share/cb/cbcluster start

Additional Information

  • The RPM with 1.0.4 or higher includes a sha256 alliance certificate.
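
To confirm the cause before installing the RPM, and to verify the replacement afterwards, the certificate's validity and signature algorithm can be read with openssl. This is an added example, not Broadcom or Carbon Black tooling. The article does not state where carbonblack-alliance-client.crt is stored, so the path is passed as an argument; the function names and the 30-day warning window are assumptions.

```shell
#!/bin/sh
# Added example: check the alliance client certificate and the feed-sync log.
# Usage: sh check_alliance_cert.sh <path-to>/carbonblack-alliance-client.crt [debug.log]

# cert_state CERT [WINDOW_SECONDS] -> expired | expiring | valid | unreadable
cert_state() {
    cert=$1
    window=${2:-2592000}    # assumed warning window: 30 days
    # Not a parseable X.509 certificate (missing file, wrong format).
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || { echo unreadable; return 0; }
    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -in "$cert" -noout -checkend "$window" >/dev/null 2>&1; then
        echo expiring
    else
        echo valid
    fi
}

# cert_sig_alg CERT -> signature algorithm name, e.g. sha256WithRSAEncryption
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        awk -F': ' '/Signature Algorithm/ { print $2; exit }'
}

# alliance_400_count LOG -> number of alliance API 400 errors in the log
alliance_400_count() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -c '400 Client Error: Bad Request for url: https://api.alliance.carbonblack.com/' "$1" || true
}

# Report only when called with arguments, so the file can also be sourced.
if [ "$#" -ge 1 ]; then
    echo "certificate state:   $(cert_state "$1")"
    echo "not after:           $(openssl x509 -in "$1" -noout -enddate 2>/dev/null)"
    echo "signature algorithm: $(cert_sig_alg "$1")"
    if [ "$#" -ge 2 ]; then
        echo "alliance 400 errors: $(alliance_400_count "$2")"
    fi
fi
```

After the RPM install and service restart, the state should read valid and the signature algorithm should begin with sha256.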