EDR: Does EDR Support VDI for Linux Endpoints?

EDR: Does EDR Support VDI for Linux Endpoints?

search cancel

EDR: Does EDR Support VDI for Linux Endpoints?

book

Article ID: 285241

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Does EDR Support VDI for Linux Endpoints?

Environment

EDR Server: 7.4+
EDR Sensor: 7.x+
Linux

Resolution

Yes, Linux can be configured at the Sensor Group and Global levels.

Enable VDI Support
	1. Add the following lines in cb.conf NewRegistrationCallbackModulePath=/usr/share/cb/plugins/default_new_sensor_registration_callback.py NewRegistrationCallbackClassName=DefaultNewRegistrationCallback 2. Restart cb-enterprise services or cbcluster.
Sensor Group Setting
	1. Click Sensors in UI navigation bar. 2. Click the Edit Settings tab. 3. On Advanced tab, select the VDI Behavior Enabled checkbox. 4. Click Save Changes button to enable the configuration.
Globally VDI for Linux	To create a gold image.
	1. Install the Linux sensor. 2. Stop cbdaemon systemctl stop cbdaemon 3. Remove any stored binary or event data. rm -rf /var/opt/carbonblack/response/store/* rm -rf /var/opt/carbonblack/response/eventlogs/* 4. Enable VDI in sensorsettings.ini vim /var/opt/carbonblack/response/sensorsettings.ini VdiEnabled=1 5. Set the Sensor ID to 0 allowing the EDR server to assign new VMs with a new Sensor ID vim /var/opt/carbonblack/response/config.ini SensorId=0 SensorIdforDisplay=0 6. Start the cbdaemon in the gold image VM. systemctl start cbdaemon

Additional Information

Virtual Desktop Infrastructure (VDI) when enabled allows EDR to correlate the VMs characteristics (i.e., hostname and DNS name) to an existing sensor.

Feedback

thumb_up Yes

thumb_down No