logo

Knowledge Base

Access official resources from Carbon Black experts

Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Cb Response: Can I add multiple Sensor Groups via the database?

Cb Response: Can I add multiple Sensor Groups via the database?

Environment

  • Cb Response: All Versions

Question

Our environment needs to bulk add Sensor Groups, can this be done via the database?

Answer

Creating a group via the database is not supported and can have severe consequences. When a group is created via the UI, multiple tables within the cb database are updated with information, including group certificates.

Groups should be created either through the UI or API to ensure proper table updates and cert generation.

Additional Notes

If you do attempt creating Sensor Groups via direct database update, you will see sensors fail to check in with 500 errors in /var/log/cb/nginx/access.log

/var/log/cb/sensorservices/debug will show an error similar to the following. This indicates there is no group certificate in the database that matches the sensor group.

2017-11-16 17:21:52 <err> cb.sensor.engine - Sensor[#####]: Group cert (id: ##) not found in cache 
2017-11-16 17:21:52  <err> cb.flask.sensor_app - Exception on /sensor/checkin/#####[POST] 
Traceback (most recent call last): 
File "/usr/lib/python2.6/site-packages/flask/app.py", line 1687, in wsgi_app 
response = self.full_dispatch_request() 
File "/usr/lib/python2.6/site-packages/flask/app.py", line 1360, in full_dispatch_request 
rv = self.handle_user_exception(e) 
File "/usr/lib/python2.6/site-packages/flask/app.py", line 1358, in full_dispatch_request 
rv = self.dispatch_request() 
File "/usr/lib/python2.6/site-packages/flask/app.py", line 1344, in dispatch_request 
return self.view_functions[rule.endpoint](**req.view_args) 
File "/usr/lib/python2.6/site-packages/cb/flask/blueprints/sensor_blueprint.py", line 83, in inner 
File "/usr/lib/python2.6/site-packages/cb/flask/blueprints/sensor_blueprint.py", line 167, in checkin 
File "/opt/jenkins/build/workspace/build-cbent-signed-docker-6.1.2-respin/code/coreservices/src/cb/utils/decorators.py", line 36, in wrapper 
File "/opt/jenkins/build/workspace/build-cbent-signed-docker-6.1.2-respin/code/coreservices/src/cb/sensor/engine.py", line 1101, in checkin 
File "/usr/lib64/python2.6/contextlib.py", line 34, in __exit__ 
self.gen.throw(type, value, traceback) 
File "/opt/jenkins/build/workspace/build-cbent-signed-docker-6.1.2-respin/code/coreservices/src/cb/sensor/engine.py", line 125, in sensor_activity_tracker 
File "/opt/jenkins/build/workspace/build-cbent-signed-docker-6.1.2-respin/code/coreservices/src/cb/sensor/engine.py", line 961, in checkin 
File "/opt/jenkins/build/workspace/build-cbent-signed-docker-6.1.2-respin/code/coreservices/src/cb/sensor/engine.py", line 291, in _get_cache_sensor 
AttributeError: 'NoneType' object has no attribute 'id'

Related Content

Labels (1)
Labels:
Was this article helpful? Yes No
No ratings
Article Information
Author:
iblackburn
Creation Date:
‎12-29-2017
Views:
838
Contributors
logo