• Configured VDI plugin to match SID and Hostname of the endpoint to existing records, ignoring the FQDN when the sensor checks in without an existing sensor_id.

• EDR Server: All Versions
• EDR Sensor: All Supported 

1. Enable VDI globally by modifying /etc/cb/cb.conf on Master and Minions and set the following as such: 

NewRegistrationCallbackModulePath=/usr/share/cb/plugins/default_new_sensor_registration_callback_sid_hostname.py
NewRegistrationCallbackClassName=DefaultNewRegistrationCallback

2. Make a copy of the default plugin:

cp /usr/share/cb/plugins/default_new_sensor_registration_callback.py /usr/share/cb/plugins/default_new_sensor_registration_callback_sid_hostname.py

3. Edit /usr/share/cb/plugins/default_new_sensor_registration_callback_sid_hostname.py and replace the content with the following:

from cb.sensor.NewRegistrationCallback import NewRegistrationCallback
from cb.db.core_models import SensorRegistration


class DefaultNewRegistrationCallback (NewRegistrationCallback):

    @staticmethod
    def get_sensor_id(db_session, sensor_reg_request, logger):
        sensor_host_name = sensor_reg_request.ComputerId.ComputerName
        sensor_dns_name = sensor_reg_request.ComputerId.ComputerDnsName
        sensor_sid = sensor_reg_request.ComputerId.ComputerSid
        sensor = db_session.query(SensorRegistration).filter(SensorRegistration.computer_sid == sensor_sid).filter(SensorRegistration.computer_name==sensor_host_name).order_by(SensorRegistration.last_checkin_time.desc()).first()

        if sensor is not None:
            logger.debug("Found sensor id [%d] for hostname [%s @ %s]" % (sensor.id, sensor_host_name, sensor_dns_name))
            return sensor.id
        else:
            logger.debug("Could not find a sensor id for hostname hostname [%s @ %s]" % (sensor_host_name, sensor_dns_name))
            return 0

4. Restart your standalone server or cluster services to reflect the configuration change.