EDR: What is the meaning of the various URLs in Nginx access.log?

Article ID: 284781

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

What is the meaning of the various URLs in Nginx access.log?

Environment

  • EDR Server: All Versions

Resolution

The URL definitions are the following:
 
  • /data/eventlog/ksubmit/<sensor_id>: kernel submit tamper events
  • /data/eventlog/reserve/<sensor_id>: request space in the front end queue before submitting eventlogs
  • /data/eventlog/submit2/<sensor_id>: sensor submit event data to server
  • /data/storefile/check/<sensor_id>: check with server if binary already exists
  • /data/storefile/submit/<sensor_id>: sensor submit binary data to server
  • /sensor/cblr: Live Response
  • /sensor/checkin: sensor check-in with server
  • /sensor/register: sensor register with server
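
The following is an added example, not code from Carbon Black or from this article: it applies the URL definitions above to access.log lines, counting endpoint activity per sensor and collecting request paths the list does not cover. It assumes the request appears quoted as "METHOD path HTTP/x" as in nginx's combined log format; the function names and the sample lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# URL prefixes and meanings, from the list in this article.
ENDPOINTS = {
    "/data/eventlog/ksubmit/": "kernel submit tamper events",
    "/data/eventlog/reserve/": "reserve front end queue space",
    "/data/eventlog/submit2/": "submit event data",
    "/data/storefile/check/": "check if binary already exists",
    "/data/storefile/submit/": "submit binary data",
    "/sensor/cblr": "Live Response",
    "/sensor/checkin": "sensor check-in",
    "/sensor/register": "sensor register",
}

# Assumption: nginx "combined"-style lines with the request quoted as "METHOD path HTTP/x".
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<path>\S+) HTTP/[\d.]+"')

def classify(path):
    """Return (meaning, sensor_id or None), or None for a path not in the list."""
    path = path.split("?", 1)[0]
    for prefix, meaning in ENDPOINTS.items():
        if path.startswith(prefix):
            rest = path[len(prefix):].strip("/")
            # Only the /data/... prefixes carry <sensor_id> in the path.
            return meaning, (rest or None) if prefix.endswith("/") else None
    return None

def summarize(lines):
    """Count endpoint hits per sensor and collect paths the list does not cover."""
    per_sensor, unknown = defaultdict(Counter), []
    for m in filter(None, map(REQUEST_RE.search, lines)):
        hit = classify(m["path"])
        if hit is None:
            unknown.append(m["path"])
        else:
            per_sensor[hit[1] or "-"][hit[0]] += 1
    return per_sensor, unknown

# Constructed sample lines (not real log data).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "POST /data/eventlog/reserve/42 HTTP/1.1" 200 0 "-" "-"',
    '192.0.2.11 - - [01/Jan/2024:10:00:02 +0000] "POST /data/eventlog/ksubmit/7 HTTP/1.1" 200 0 "-" "-"',
    '192.0.2.11 - - [01/Jan/2024:10:00:03 +0000] "POST /sensor/checkin HTTP/1.1" 200 0 "-" "-"',
    '192.0.2.99 - - [01/Jan/2024:10:00:04 +0000] "GET /favicon.ico HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Requests without a sensor ID in the path are grouped under "-"; the unknown list is a quick way to spot traffic to the server that is not one of the sensor endpoints defined above.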