EDR: Are There Any Best Practices For Allowing Sensors To Check In Over Public Internet?

EDR: Are There Any Best Practices For Allowing Sensors To Check In Over Public Internet?

search cancel

EDR: Are There Any Best Practices For Allowing Sensors To Check In Over Public Internet?

book

Article ID: 287257

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Are there any best practices for allowing sensors to check-in over public internet?

Environment

EDR Server: 7.2.0 and Higher
EDR Sensor: All Supported Versions

Resolution

The server itself would need to be exposed with a valid IP/DNS, which is not recommended.

Additional Information

Can setup something like a F5 to be a reverse proxy sitting in front of the server/cluster.
Look into site throttling to help with the bandwidth usage.
Disable download of physical binaries in the sensor groups page - these are generally the largest cause of bandwidth usage.

Feedback

thumb_up Yes

thumb_down No