EDR: Are There Any Best Practices For Allowing Sensors To Check In Over Public Internet?
search cancel

EDR: Are There Any Best Practices For Allowing Sensors To Check In Over Public Internet?

book

Article ID: 287257

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Are there any best practices for allowing sensors to check-in over public internet?

Environment

  • EDR Server: 7.2.0 and Higher
  • EDR Sensor: All Supported Versions

Resolution

  • The server itself would need to be exposed with a valid IP/DNS, which is not recommended.

Additional Information

  • Can setup something like a F5 to be a reverse proxy sitting in front of the server/cluster.
  • Look into site throttling to help with the bandwidth usage.
  • Disable download of physical binaries in the sensor groups page -┬áthese are generally the largest cause of bandwidth usage.