EDR: Is there a workaround to alert for sensors that have not checked in for a certain period of time?
Article ID: 290518
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
Is there a way to be alerted if a sensor has not checked in for a period of time?
Environment
- EDR Server: All Versions
- EDR Sensor: All Versions
Resolution
- There is no feature within the product to alert for inactive sensors.
- The sensor_registrations Postgres table has a last_checkin_time column, which reports the last time a sensor checked in and could be queried regularly.
- The API offers a query for all sensors, /api/v1/sensor/, which would include the last_checkin_time field.
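
One way to build the alert on top of the API query, as an added example (not Broadcom's or the product's own code): a scheduled script pulls /api/v1/sensor/ and reports every sensor whose last_checkin_time is older than a threshold. Assumptions: the X-Auth-Token header carries the API token, each sensor record has id and computer_name fields, and the timestamp is ISO-like with a UTC offset; the sample records are constructed.

```python
import json
import urllib.request
from datetime import datetime, timedelta, timezone

def fetch_sensors(base_url, api_token):
    """GET /api/v1/sensor/ and return the decoded JSON list of sensors."""
    req = urllib.request.Request(base_url.rstrip("/") + "/api/v1/sensor/",
                                 headers={"X-Auth-Token": api_token})  # assumed auth header
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def parse_checkin(value):
    """Return an aware datetime, or None when the value is missing or unparseable."""
    try:
        ts = datetime.fromisoformat(value)
    except (TypeError, ValueError):
        return None
    # Assumption: a timestamp without an offset is UTC.
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)

def stale_sensors(sensors, max_age, now=None):
    """List (id, computer_name, age) for sensors silent longer than max_age.

    A sensor whose last_checkin_time cannot be read is reported with age None
    instead of being skipped, so a parsing problem never hides a silent host.
    """
    now = now or datetime.now(timezone.utc)
    stale = []
    for s in sensors:
        seen = parse_checkin(s.get("last_checkin_time"))
        age = None if seen is None else now - seen
        if age is None or age > max_age:
            stale.append((s.get("id"), s.get("computer_name"), age))
    # Unknown ages first, then longest silence first.
    return sorted(stale, key=lambda r: (r[2] is not None,
                                        -(r[2] or timedelta()).total_seconds()))

# Constructed sample response; field names besides last_checkin_time are assumed.
SAMPLE = [
    {"id": 1, "computer_name": "WS-001", "last_checkin_time": "2024-05-01 11:58:00.120000+00:00"},
    {"id": 2, "computer_name": "WS-002", "last_checkin_time": "2024-04-28 03:15:42.000000-07:00"},
    {"id": 3, "computer_name": "SRV-DB", "last_checkin_time": None},
    {"id": 4, "computer_name": "WS-004", "last_checkin_time": "2024-04-30 09:00:00.000000+00:00"},
]

if __name__ == "__main__":
    fixed_now = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
    for sid, name, age in stale_sensors(SAMPLE, timedelta(hours=24), fixed_now):
        print(f"ALERT sensor {sid} ({name}): silent for {age}")
```

In production, replace SAMPLE with fetch_sensors(...) and send the result to mail or a SIEM from cron; a long-silent sensor can mean a decommissioned host, but also an agent that was stopped or removed, so the list is worth triaging rather than just counting.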