CB Response: How Are Sensor Health Scores Calculated?
Article ID: 287070
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
How are sensor health scores calculated?
Environment
- CB Response: All Versions
- Microsoft Windows: All Supported Versions
- Apple Mac OS: All Supported Versions
- Linux: All Supported Versions
Resolution
The default score for a sensor running without issue is 100, with unhealthy symptoms subtracting from this score for events that fall outside of “healthy range,” based on severity.
- Example: A sensor experiencing high memory usage would be graded based on the below scale.
|
Memory (MB) |
Health Score |
Message |
|
> 50 |
-5 |
Elevated memory usage |
|
> 100 |
-10 |
Elevated memory usage |
|
> 200 |
-20 |
High memory usage |
|
> 512 |
-25 |
Very high memory usage |
|
> 1024 |
-50 |
Excessive memory usage |
Additional Information
- Sensor health messages are not currently available in the console, but can be accessed via SQL queries (and API).
- In CB Response server release 6.2.4, we will provide the sensor health message on the sensor page within the console UI.
- Sensor health messages are provided when the sensor is in an unhealthy state.
- Sensor health scores are generated using a variety of inputs, such as:
- Event Load
- Event Loss
- Disk Space
- Handle Count
- Memory Usage
Feedback
Yes
No
Powered by
