EDR: How Does EDR Calculate Host Uptime and Sensor Uptime?
Article ID: 288944
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Carbon Black Hosted EDR (formerly Cb Response Cloud)
Issue/Introduction
How does EDR calculate Host Uptime and Sensor Uptime?
Environment
- EDR: All supported versions
- Hosted EDR: All Versions
Resolution
Sensor Uptime
- Sensor Uptime is updated by OS API when the sensor checks in. The value is not necessarily cleared when the sensor goes offline.
- So it is a representation of the information known about the uptime of the endpoint at the last point in time when the sensor was online and connected to the console.
- This is not information that is collected and uploaded to the console independent of the sensors online status.
- A machine that is "offline" and unable to communicate with the primary node will not update the "uptime" information in the console.
Host Uptime
- EDR pulls uptime from OS API.
Feedback
Yes
No
Powered by
