Posted on April 13, 2016
This version of the WildFire connector upgrades the WildFire API to the latest version, fixing compatibility problems with both the cloud and on-premise WildFire appliances. The old API used by previous versions of the WildFire connector is no longer supported or available, so all users of the WildFire connector must upgrade for the connector to function.
Also included in this release:
/tmp directory was set to noexec, preventing previous versions of the connectors from running properly.
The WildFire connector now automatically retrieves the PDF report for any “greyware” or “malware” binaries. Links to these reports are included in the feed provided to your Carbon Black server. In order for users to access these reports, you must have two items properly configured:
- The feed_host option in the /etc/cb/integrations/wildfire/connector.conf file must be set to the IP or hostname where the connector is running. This IP/hostname must be accessible from any analyst machines that are used to retrieve the PDF reports.
- The firewall (iptables) must be configured to allow incoming HTTP access to the feed port (default is 3774, set through the listener_port option in the configuration file above) so that analyst machines can retrieve the PDF reports.
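A pre-flight check for the two items above and the /tmp noexec condition, added here as an example; it is not part of the connector or its release notes. It assumes connector.conf uses key=value lines. The sample files, the 10.0.5.20 address and the 192.0.2.0/24 analyst subnet are constructed, and limiting the rule to a source subnet is an added hardening choice.

```shell
#!/bin/sh
# Pre-flight check for feed_host, listener_port and a noexec /tmp.
# INI section headers are ignored, so no section name is assumed.

# conf_get FILE KEY DEFAULT -> last uncommented "KEY = value" in FILE, else DEFAULT
conf_get() {
    v=$(sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//')
    printf '%s\n' "${v:-$3}"
}

# feed_host_ok HOST -> fails when unset or loopback (unreachable for analysts)
feed_host_ok() {
    case "$1" in
        ''|localhost|127.*|::1) return 1 ;;
        *) return 0 ;;
    esac
}

# tmp_is_noexec MOUNTS -> succeeds when /tmp is mounted noexec
# (MOUNTS is in /proc/mounts format; the last /tmp entry wins)
tmp_is_noexec() {
    awk '$2 == "/tmp" { ne = ($4 ~ /(^|,)noexec(,|$)/) } END { exit (ne ? 0 : 1) }' "$1"
}

# preflight CONF MOUNTS SRC -> prints findings, returns the number of problems
preflight() {
    problems=0
    host=$(conf_get "$1" feed_host "")
    port=$(conf_get "$1" listener_port 3774)   # 3774 is the documented default
    if feed_host_ok "$host"; then
        echo "OK   feed_host=$host"
    else
        echo "FAIL feed_host='$host' is not reachable from analyst machines"
        problems=$((problems + 1))
    fi
    if tmp_is_noexec "$2"; then
        echo "NOTE /tmp is noexec; earlier connector versions do not run properly"
    fi
    # SRC is a placeholder for the analyst subnet (assumption, not from the page)
    echo "RULE iptables -I INPUT -p tcp -s $3 --dport $port -j ACCEPT"
    return "$problems"
}

# Constructed sample input (not taken from a real host)
d=$(mktemp -d)
printf '%s\n' '# sample connector.conf' 'feed_host = 127.0.0.1' > "$d/bad.conf"
printf '%s\n' 'feed_host=10.0.5.20' 'listener_port = 8080' > "$d/good.conf"
printf '%s\n' 'tmpfs /tmp tmpfs rw,nosuid,noexec 0 0' > "$d/mounts"
preflight "$d/bad.conf" "$d/mounts" 192.0.2.0/24 || echo "=> $? problem(s) found"
preflight "$d/good.conf" "$d/mounts" 192.0.2.0/24
```

On a real host, pass /etc/cb/integrations/wildfire/connector.conf and /proc/mounts as the first two arguments.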