carbonblack / cb-lastline-connector Goto Github PK

Logs show good connection to lastline analysis server. No indication the access key and api token were not acceptable.

sqlite3 query provides amplifying information:
291617757D108D10AB9E2DEDD401A60A|2015-12-14 17:59:22.214944|2015-12-14 17:59:18.001032|2015-12-14 18:01:22.101453||0|10|API error: Analysis API error (104): Invalid Credentials||0||||0|1

When clicking the "View on Lastline" link in CBR they are getting sent to https://user.lastline.customerdomain/malscape/#/task/.

They say the correct URL should be https://user.lastline.customerdomain/portal#/analyst/task/

While trying to build the RPM using "python setup.py bdist_binaryrpm" I get this error. When I look in the cbapi I see that defense models are now under psc, if I change the spec file to use /cbapi/psc/defense/... I can build the RPM fine, but the resulting RPM won't run.

Is there a guide for building and installing from source?

Kind regards,

The integrations should have a way to age out old reports like the FireEye integration has. This could be controlled by an option in the configuration file, or a static setting. Also, scores change, sometimes drastically (usually down). A rescan is really needed like CB does with VirusTotal.