EDR: How does the sensor determine what is the host_type of a device
Article ID: 287465
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
How does the sensor determine what is the host_type of a device?
Environment
- EDR sensor: All supported versions
- Windows: All supported OS
Resolution
The "host_type" is collected from the structure under wProductType under OSVERSIONINFOEXA structure, more details can be found here:
https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-osversioninfoexa?redirectedfrom=MSDN#remarks
https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-osversioninfoexa?redirectedfrom=MSDN#remarks
Feedback
Yes
No
Powered by
