Carbon Black Cloud: How To Check DeviceID On Endpoint (macOS up to 3.4.x.x)
search cancel

Carbon Black Cloud: How To Check DeviceID On Endpoint (macOS up to 3.4.x.x)


Article ID: 290322


Updated On:


Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)


Explain the steps to confirm the DeviceID of a 3.4.x.x or lower Sensor on the machine where it is installed


  • Carbon Black Cloud Sensor: 3.4.x.x and Lower
  • Apple macOS: All Supported Versions


  1. Launch terminal
  2. Use grep to get RegistrationId
    % grep 'RegistrationId' /Applications/
  3. Output will look like

Additional Information

  • Confirming the DeviceID locally on the machine with the Sensor installed can be helpful in troubleshooting issues and reviewing Alerts and other Events within the Carbon Black Cloud Console
  • For example, with the DeviceID you can review Events specific to that single device on the Investigate page by replacing <DeviceID> with the ID retrieved using the above method
  • Searching for device_id on applicable Inventory pages will find the device tied to that registration, regardless of the current hostname
    • device_id is the unique identifier for a given Sensor in relation to VMware Carbon Black Cloud
    • Hostname, IP Address, and Active Directory information are all considered metadata for a device record as they all can be changed
  • Both the RegistrationId and point of presence (PoP) or Backend can be found in the cfg.ini file to ensure a given device is registered to the correct PoP/Backend
    % grep 'BackendServer' /Applications/