Carbon Black Cloud: How to check current dynamic Sensor Management Content Manifests (Linux)

Article ID: 292545


Products

  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

Steps to check the current revision of the dynamic detection and prevention features (management content manifests) for a given Sensor, and the date and time it was last updated.

Environment

  • Carbon Black Cloud Console: All Versions
    • Endpoint Standard
    • Enterprise EDR
    • Audit & Remediation
    • Workload
  • Carbon Black Cloud Sensor: 2.12.x.x and Higher
  • Linux: All Supported Versions

Resolution

  1. Launch a terminal emulator.
  2. Check for the current ruleset revision:
    sudo grep -Ein --color "tarefreshpolicy.*revision:" /var/opt/carbonblack/psc/log/blades/E51C4A7E-2D41-4F57-99BC-6AA907CA3B40/threat_hunter_log.txt
  3. The output shows the versions/revisions in use. Each match is prefixed with its line number in the log, followed by the timestamp of the entry:
    <line>:[YYYY-MM-DD hh:mm:ss.ssssss]... ThMgr : TARefreshPolicy : Linux TH Ruleset Revision: <rev#>
    <line>:[YYYY-MM-DD hh:mm:ss.ssssss]... ThMgr : TARefreshPolicy : Linux Defense Ruleset Revision: <rev#>
    <line>:[YYYY-MM-DD hh:mm:ss.ssssss]... ThMgr : TARefreshPolicy : Linux HashBan Ruleset Revision: <rev#>

Additional Information

  • Each ruleset revision will have a number if the Sensor is being updated regularly:
    Linux TH Ruleset Revision: <rev#>
    Linux Defense Ruleset Revision: <rev#>
    Linux HashBan Ruleset Revision: <rev#>
  • Organizations with Endpoint Standard or without Enterprise EDR will see Linux HashBan Ruleset Revision with a value of 0:
    Linux HashBan Ruleset Revision: 0
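
The grep in step 2 lists every refresh entry in the log. The script below is an added example (not from the article or from Carbon Black) that reduces such a log to the latest revision and timestamp per ruleset and reports any of the three rulesets with no numeric revision. The function names `latest_revisions` and `missing_rulesets` are hypothetical, the sample log is constructed, and the line format is assumed to match the output shown in step 3.

```shell
#!/bin/sh
# latest_revisions FILE: print "<ruleset>|<revision>|<timestamp>" for the
# LAST TARefreshPolicy entry of each ruleset found in the log.
latest_revisions() {
    awk '
        /TARefreshPolicy : .* Ruleset Revision:/ {
            ts = "unknown"                      # timestamp = first [...] group
            a = index($0, "["); b = index($0, "]")
            if (a && b > a) ts = substr($0, a + 1, b - a - 1)
            rest = $0; sub(/.*TARefreshPolicy : /, "", rest)
            name = rest; sub(/ Ruleset Revision:.*/, "", name)
            rev = rest; sub(/.* Ruleset Revision:[ \t]*/, "", rev)
            sub(/[ \t\r]+$/, "", rev)
            if (!(name in rev_of)) order[++n] = name
            rev_of[name] = rev; ts_of[name] = ts
        }
        END {
            for (i = 1; i <= n; i++)
                printf "%s|%s|%s\n", order[i], rev_of[order[i]], ts_of[order[i]]
        }
    ' "$1"
}

# missing_rulesets FILE: print each of the three rulesets named in the
# article that has no entry, or whose latest revision is not a number.
missing_rulesets() {
    for want in "Linux TH" "Linux Defense" "Linux HashBan"; do
        latest_revisions "$1" | grep -Eq "^$want\|[0-9]+\|" || echo "$want"
    done
}

# Constructed sample log (not real sensor output); "..." stands for the
# fields the article elides between the timestamp and "ThMgr".
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
[2024-05-01 10:15:02.000001]... ThMgr : TARefreshPolicy : Linux TH Ruleset Revision: 41
[2024-05-01 10:15:02.000002]... ThMgr : TARefreshPolicy : Linux Defense Ruleset Revision: 17
[2024-05-01 10:15:02.000003]... ThMgr : TARefreshPolicy : Linux HashBan Ruleset Revision: 0
[2024-05-02 09:00:00.000000]... ThMgr : Unrelated line without a revision
[2024-05-03 11:30:45.000001]... ThMgr : TARefreshPolicy : Linux TH Ruleset Revision: 42
EOF

latest_revisions "$SAMPLE_LOG"
missing_rulesets "$SAMPLE_LOG"
```

On a Sensor, call `latest_revisions` with the log path from step 2 from a root shell; a HashBan revision of 0 counts as numeric here, matching the note above.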