Environment
- Carbon Black Cloud Sensor: 3.5.x.x and Higher
- Apple macOS: All Supported Versions
Objective
Explain the steps to confirm the DeviceID of a 3.5.x.x or higher Sensor on the machine where it is installed
Resolution
- Launch terminal
- Use grep to get RegistrationId
% sudo grep -i 'RegistrationId' /Library/Application\ Support/com.vmware.carbonblack.cloud/Config/cfg.ini
- Output will look like
RegistrationId=<org_id>-<device_id>
Example:
RegistrationId=4248-36719442
Additional Notes
- Confirming the DeviceID locally on the machine with the Sensor installed can be helpful in troubleshooting issues and reviewing Alerts and other Events within the Carbon Black Cloud Console
- For example, with the DeviceID you can review Events specific to that single device on the Investigate page by replacing <DeviceID> with the ID retrieved using the above method
https://<DashboardURL>/investigate?selected[deviceId]=<DeviceID>&selected[selectedTab]=DEVICE&s[searchWindow]=ALL&s[c][DEVICE_ID][0]=<DeviceID>
- Searching for device_id on applicable Inventory pages will find the device tied to that registration, regardless of the current hostname
- device_id is the unique identifier for a given Sensor in relation to VMware Carbon Black Cloud
- Hostname, IP Address, and Active Directory information are all considered metadata for a device record as they all can be changed
- Both the RegistrationId and point of presence (PoP) or Backend can be found in the cfg.ini file to ensure a given device is registered to the correct organization and PoP/Backend
% sudo grep -i 'RegistrationId\|BackendServer' /Library/Application\ Support/com.vmware.carbonblack.cloud/Config/cfg.ini
BackendServer=<Device_Services_URL>
RegistrationId=<org_id>-<device_id>
Related Content