EDR: Is there a workaround to alert for sensors that have not checked in for a certain period of time?
search cancel

EDR: Is there a workaround to alert for sensors that have not checked in for a certain period of time?

book

Article ID: 290518

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Is there a way to be alerted if a sensor has not checked in for a period of time?

Environment

  • EDR Server: All Versions
  • EDR Sensor: All Versions

Resolution

  • There is no feature within the product to alert for inactive sensors.
  • The sensor_registrations postgres table has a last_checkin_time column which reports the last time a sensor checked in and could be queried regularly
  • The API offers a query for all sensors, /api/v1/sensor/, which would include the last_checkin_time field