How does the EDR Sensor capture the hostname?
search cancel

How does the EDR Sensor capture the hostname?

book

Article ID: 285993

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

How does the EDR Sensor find/determine the hostname of the endpoint?

Environment

  • EDR Sensor: All Versions

Resolution

  •  Linux 

    The Linux Sensor will uses the following API calls 
    gethostbyname and getaddrinfo

  • Windows

    The Windows Sensor will use two API calls
    GetComputerNameW and GetComputerNameEx   

  • MacOS

    The macOS sensor uses the folllowing API call. 
    gethostbyname api

Additional Information

 EDR stores the local computer name and the DNS resolved hostname in Postgres. It also stores the following:

  • computer_name
  • computer_dns_name
  • computer_sid
  • network_adapters
Powered by Wolken Software