EDR: How to Enable Verbose Audit Logging
book
Article ID: 288034
calendar_today
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
How to enable verbose audit logging
Resolution
- Log onto the EDR Server through ssh/terminal
- Open /etc/cb/cb/cb.conf
- Add the following line anywhere in the file
EnableExtendedApiAuditLogging=True
- Restart the Server Services EDR: How to restart the server services
Additional Information
- This will capture the API calls being made within the console
- Log location: /var/log/cb/audit
Feedback
thumb_up
Yes
thumb_down
No