Carbon Black Cloud: Starting Live Response Session on New Linux Sensors Results in Status Code 403
search cancel

Carbon Black Cloud: Starting Live Response Session on New Linux Sensors Results in Status Code 403

book

Article ID: 291744

calendar_today

Updated On:

Products

Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

  • Linux Sensor is successfully installed
  • Sensor checks in and is connected to the Carbon Black Cloud Console
  • Selecting the "Go Live" optionĀ for this Sensor results in an error with Status Code 403

Environment

  • Carbon Black Cloud Console: All supported versions
  • Carbon Black Cloud Linux Sensor: All supported versions
  • RHEL/Cent OS: All supported versions
  • Ubuntu: All supported versions
  • SUSE: All supported versions
  • Amazon Linux: supported versions

Cause

The policy applied to this Sensor does not have Live Response enabled

Resolution

Move the Sensor to an existing or new policy with LR enabled

Additional Information

  • The default policy for a Sensor is the Standard policy
  • The Standard policy has LR disabled by default
Powered by Wolken Software