EDR: Are There Any Best Practices For Allowing Sensors To Check In Over Public Internet?
book
Article ID: 287257
calendar_today
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
Are there any best practices for allowing sensors to check-in over public internet?
Environment
- EDR Server: 7.2.0 and Higher
- EDR Sensor: All Supported Versions
Resolution
- The server itself would need to be exposed with a valid IP/DNS, which is not recommended.
Additional Information
- Can setup something like a F5 to be a reverse proxy sitting in front of the server/cluster.
- Look into site throttling to help with the bandwidth usage.
- Disable download of physical binaries in the sensor groups page - these are generally the largest cause of bandwidth usage.
Feedback
thumb_up
Yes
thumb_down
No