EDR: What changes are implemented on the Linux machine after sensor installation?

EDR: What changes are implemented on the Linux machine after sensor installation?

search cancel

EDR: What changes are implemented on the Linux machine after sensor installation?

book

Article ID: 288491

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

What changes are implemented on the Linux machine after sensor installation?

Environment

EDR(Formerly Carbon Black Response) Sensor: All Supported Versions

Resolution

The sensor has its own configuration files but does not modify any system level settings or libraries.
The sensor daemon has privileges and there is a kernel module that "hooks" into some system calls or a eBPF module that uses APIs to capture data.
The sensor may install some kernel packages that we need to capture events on some Operating Systems.

Feedback

thumb_up Yes

thumb_down No