CB Response: What are the Strict Validation Mode Requirements by Sensor Platform?

Article ID: 285732

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

What are the Strict Validation Mode Requirements by Sensor Platform?

Environment

  • Carbon Black Response Sensor: 6.2.3 and above
    • Microsoft Windows: All Supported Versions
  • Carbon Black Response Sensor: 6.2.5 and above
    • Apple macOS: All Supported Versions

Resolution

| Requirement | macOS Sensor 6.2.5+ | macOS Sensor 6.2.7+ | Windows Sensor 6.2.3+ |
|---|---|---|---|
| Exact certificate match (Certificate pinning) | Yes | Yes | Yes |
| Expiration date | Yes | Yes | Yes |
| Certificate Validation Chain | - | Yes | Yes |
| Hostname matches (SAN=) * See additional notes | - | Yes | Yes |
| Revocation Check | - | - | - |
| Key Usage is Server Auth (1.3.6.1.5.5.7.3.1) | - | Yes | Yes |

Additional Information

  • Windows XP, Windows Vista, and Server 2003 will not support TLS certificate swap. These sensors should be using 6.1.x versions.
  • Linux sensors currently do not support this feature. Please follow the product announcements section in the User Exchange for updates on this support.
  • The SAN must be different from the server FQDN, and each group must have different entries. This feature uses virtual hosts; DNS mapping is not needed because the sensor takes care of this via the hosts file. You can use any SAN. For example:
    • Sensor Cert 1 SAN: cb1, cb2 
    • Sensor Cert 2 SAN: cb3, cb4
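
A pre-flight check of a server certificate against the rows of the table above, added here as an example; it is not Carbon Black code and does not reproduce the sensor's implementation. Revocation is left out because the table lists it as not checked. Assumptions: the names `CheckStrict` and `NewSample`, the FQDN `cbserver.example.com`, the self-signed sample certificate, and reading the SAN note as "the certificate must not cover the server FQDN".

```go
package main
import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CheckStrict (hypothetical helper) returns the table rows that cert fails for one sensor group.
func CheckStrict(cert, pinned *x509.Certificate, roots *x509.CertPool, san, serverFQDN string, now time.Time) []string {
	var fails []string
	check := func(ok bool, row string) {
		if !ok {
			fails = append(fails, row)
		}
	}
	check(bytes.Equal(cert.Raw, pinned.Raw), "exact certificate match")
	check(!now.Before(cert.NotBefore) && !now.After(cert.NotAfter), "expiration date")
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	check(err == nil, "certificate validation chain") // ExtKeyUsageAny: the EKU row is tested on its own below
	check(cert.VerifyHostname(san) == nil, "hostname matches SAN")
	check(cert.VerifyHostname(serverFQDN) != nil, "SAN differs from server FQDN") // assumed reading of the page's note
	serverAuth := false
	for _, u := range cert.ExtKeyUsage {
		serverAuth = serverAuth || u == x509.ExtKeyUsageServerAuth
	}
	check(serverAuth, "key usage is server auth")
	return fails
}

// NewSample builds a constructed self-signed certificate and a pool trusting it (demo data only).
func NewSample(sans []string, eku x509.ExtKeyUsage, notAfter time.Time) (*x509.Certificate, *x509.CertPool) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed-sample"},
		NotBefore: notAfter.Add(-48 * time.Hour), NotAfter: notAfter, DNSNames: sans, ExtKeyUsage: []x509.ExtKeyUsage{eku}}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	cert, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(cert)
	return cert, pool
}
func main() {
	c, pool := NewSample([]string{"cb1", "cb2"}, x509.ExtKeyUsageServerAuth, time.Now().Add(24*time.Hour))
	fmt.Println(CheckStrict(c, c, pool, "cb1", "cbserver.example.com", time.Now()))
}
```

An empty result means every checked row passes; an expired certificate is reported under both the expiration and the chain rows because chain verification also tests validity dates.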