EDR: What are the file paths for 6.2.x Linux Sensors?
book
Article ID: 290194
calendar_today
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
What's the file structure for the EDR Linux sensor?
Environment
- EDR Linux Sensor: 6.2.x and Higher
- Linux: All Supported Versions
Resolution
Linux Sensor 6.1.x and OLDER | Linux Sensor 6.2.x and NEWER |
---|
/opt/cbsensor/cbsensor.ko.<version>
|
/opt/carbonblack/response/module/cbsensor.ko.<version>
|
/opt/cbsensor/sensor_top.sh
|
/opt/carbonblack/response/bin/sensor_top.sh
|
/opt/cbsensor/sensordiag.sh
|
/opt/carbonblack/response/bin/sensordiag.sh
|
/opt/cbsensor/sensoruninstall.sh
|
/opt/carbonblack/response/bin/sensoruninstall.sh
|
/var/log/cbsensor/cbdaemon.*.log.*
|
var/opt/carbonblack/response/log/cbdaemon.#.log
|
/var/log/cbsensor/cbdaemon.<level>
|
/var/opt/carbonblack/response/log/cbdaemon.log
|
/var/lib/cb/carbonblack.db
|
/var/opt/carbonblack/response/carbonblack.db
|
/var/lib/cb/config.ini
|
/var/opt/carbonblack/response/config.ini
|
/var/lib/cb/eventlogs/eventlog_<id>
|
/var/opt/carbonblack/response/eventlogs/eventlog_<id>
|
/var/lib/cb/eventlogs/finalized/eventlog_<id>
|
/var/opt/carbonblack/response/eventlogs/finalized/eventlog_<id>
|
/var/lib/cb/sensorsettings.ini
|
/var/opt/carbonblack/response/sensorsettings.ini
|
/var/lib/cb/store/MD5*
|
/var/opt/carbonblack/response/store/MD5*
|
/var/lib/cb/store/md5catalog.dat
|
/var/opt/carbonblack/response/store/md5catalog.dat
|
Feedback
thumb_up
Yes
thumb_down
No