CB Defense: Why isn't the Device Name for an IP Address always correct?
search cancel

CB Defense: Why isn't the Device Name for an IP Address always correct?

book

Article ID: 290609

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

Sometimes network connections are seen in the PSC Console and the Device Name shown for the IP Address making or receiving the connection is not correct. Why isn't this information always correct?

Environment

  • CB Defense PSC Console: All Versions
  • CB Defense Sensor: All Versions
  • Microsoft Windows: All Supported Versions
  • Apple macOS: All Supported Versions

Resolution

The CB Defense Sensor caches Display Name for devices when network connections are made, for faster lookup in the future.

Additional Information

This cached information does get updated in certain instances (restarts, significant network changes detected), but that does not always happen on both machines.
Example
Device1 (IP 12.34.56.78), Device2 (IP 12.34.56.79) are on VLAN1, Device3 (IP 12.34.67.89) is on VLAN2
Device1, Device2, and Device3 connect to each other and cache Display Name information for each other
Device3 gets reassigned to VLAN1, gets IP 12.34.56.79 while Device2 gets IP 12.34.56.80
Device3 (IP 12.34.56.79) connects to Device1 (IP 12.34.56.78)
Event from Device1 in PSC Console shows Device2 for IP 12.34.56.79 instead of Device3 as there were no network changes on Device1 (cached info is used)
Device1 is rebooted, resetting cache
Device3 (IP 12.34.56.79) connects to Device1 (IP 12.34.56.78)
Event from Device1 in PSC Console shows Device3 for IP 12.34.56.79