EDR: How to Use Live Response to Collect Sensor Diags

Article ID: 285288

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Obtain sensor/endpoint diagnostics using CB Response Live Response (CBLR).
 

Environment

  • EDR Server: 6.0.1 and Higher (formerly CB Response)
  • Microsoft Windows: All Supported Versions
  • 7zip

 

Resolution

6.2.2 and Above:

  1. Open a Live Response session from the EDR Console.
  2. Generate sensor diagnostics by running the following command:
    • execfg sensordiag.exe --type CDE
  3. Obtain the .zip by running:
    • get C:\Windows\CarbonBlack\diags\<filename>.zip
  4. A pop-up will prompt you to save the file.
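
The 6.2.2-and-above steps can also be scripted. The following is an added example, not part of the original article and not vendor code: it assumes a cbapi-style Live Response session object exposing create_process, list_directory and get_file (directory listings as dicts carrying filename and last_write_time), and it resolves the <filename> placeholder by selecting the archive that appeared after sensordiag ran.

```python
import hashlib

DIAG_DIR = "C:\\Windows\\CarbonBlack\\diags\\"  # directory from step 3
DIAG_CMD = "sensordiag.exe --type CDE"          # command from step 2


def list_zips(session):
    """Map filename -> last_write_time for every .zip in DIAG_DIR."""
    try:
        entries = session.list_directory(DIAG_DIR)
    except Exception:  # directory may not exist before the first run
        return {}
    return {e["filename"]: e["last_write_time"] for e in entries
            if e["filename"].lower().endswith(".zip")}


def pick_new_zip(before, after):
    """Return the newest .zip that is new or rewritten since `before`."""
    fresh = {n: t for n, t in after.items() if before.get(n) != t}
    if not fresh:
        raise RuntimeError("sensordiag produced no new .zip in " + DIAG_DIR)
    return max(fresh, key=fresh.get)


def collect_sensor_diags(session, out_path):
    """Steps 2-3: run sensordiag, fetch the new archive.

    Returns (remote_path, sha256_hex) so the hash can be recorded
    alongside the support case.
    """
    before = list_zips(session)
    session.create_process(DIAG_CMD, wait_for_output=True)
    remote = DIAG_DIR + pick_new_zip(before, list_zips(session))
    data = session.get_file(remote)
    if not data.startswith(b"PK"):  # zip signatures begin with "PK"
        raise ValueError(remote + " is not a zip archive")
    with open(out_path, "wb") as fh:
        fh.write(data)
    return remote, hashlib.sha256(data).hexdigest()


# Assumed usage with cbapi (sensor id 1 and the output name are placeholders):
#   from cbapi.response import CbResponseAPI, Sensor
#   with CbResponseAPI().select(Sensor, 1).lr_session() as lr:
#       print(collect_sensor_diags(lr, "sensor-diags.zip"))
```

Comparing the listing before and after the run avoids retrieving a stale archive from an earlier collection if sensordiag fails.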

Sensor Version 6.2.1 and Below:

  1. Open a Live Response session from the EDR Console.
  2. Generate sensor diagnostics by running the following command:
    • execfg sc control carbonblack 200
  3. Confirm that diagnostic logs have been generated at C:\windows\carbonblack\diagnostics by checking that there is a list of current .log files there.
  4. Zip the diagnostic directory by running the following command from the 7zip installation directory:
    • execfg 7zG a -tzip diagnostics.zip C:\windows\carbonblack\diagnostics 
    • Example:
    • C:\Program Files\7-zip>  7zG a -tzip diagnostics.zip C:\windows\carbonblack\diagnostics
  5. Obtain the resultant .zip file by running:
    • C:\windows\carbonblack>  get diagnostics.zip
  6. A pop-up will prompt you to save the file.

Additional Information

7zip can be downloaded from https://www.7-zip.org/download.html and can be pushed to the endpoint using CB Live Response.