EDR: What is the meaning of the various URLs in Nginx access.log?
Article ID: 284781
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
What is the meaning of the various URLs in Nginx access.log?
Resolution
The URLs that appear in the Nginx access.log have the following meanings:

| URL | Meaning |
| --- | --- |
| /data/eventlog/ksubmit/<sensor_id> | Kernel submission of tamper events |
| /data/eventlog/reserve/<sensor_id> | Request space in the front-end queue before submitting event logs |
| /data/eventlog/submit2/<sensor_id> | Sensor submits event data to the server |
| /data/storefile/check/<sensor_id> | Check with the server whether the binary already exists |
| /data/storefile/submit/<sensor_id> | Sensor submits binary data to the server |
| /sensor/cblr | Live Response |
| /sensor/checkin | Sensor checks in with the server |
| /sensor/register | Sensor registers with the server |
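The table above can be applied directly when triaging an access.log. The following is an added example, not Carbon Black code: it labels each request by URL and lists the sensors that submitted tamper events. It assumes the request line is logged in quotes followed by the status code (as in Nginx's default combined format) and that `<sensor_id>` is numeric; the sample lines are constructed.

```python
import re
from collections import Counter

# URL prefix -> meaning, copied from the table above.
ENDPOINTS = {
    "/data/eventlog/ksubmit/": "tamper events",
    "/data/eventlog/reserve/": "queue reservation",
    "/data/eventlog/submit2/": "event data",
    "/data/storefile/check/": "binary check",
    "/data/storefile/submit/": "binary submit",
    "/sensor/cblr": "Live Response",
    "/sensor/checkin": "check-in",
    "/sensor/register": "register",
}
# Assumption: quoted request line followed by the status code.
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')

def classify(line):
    """Return (meaning, sensor_id, status), or None if the line has no request."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    path, status = m.group(1).split("?", 1)[0], int(m.group(2))
    for prefix, meaning in ENDPOINTS.items():
        if path.startswith(prefix):
            tail = path[len(prefix):]
            # Only the /data/... URLs carry <sensor_id> as the last path segment.
            sensor_id = tail if prefix.endswith("/") and tail.isdigit() else None
            return meaning, sensor_id, status
    return "other", None, status

def summarize(lines):
    """Count requests per meaning and collect sensors that sent tamper events."""
    counts, tamper = Counter(), set()
    for hit in filter(None, map(classify, lines)):
        counts[hit[0]] += 1
        if hit[0] == "tamper events" and hit[1]:
            tamper.add(hit[1])
    return counts, tamper

# Constructed sample lines (addresses, methods and sensor ids are made up).
SAMPLE = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "POST /sensor/checkin HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "POST /data/eventlog/submit2/7 HTTP/1.1" 200 0',
    '10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "POST /data/eventlog/ksubmit/12 HTTP/1.1" 200 0',
    '10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /api/info HTTP/1.1" 200 100',
]
```

`summarize(SAMPLE)` returns the per-meaning counts and the set of sensor ids seen on the `ksubmit` URL, which gives a short list of endpoints to review for tampering.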