Environment
- EDR Server: 7.4+
- EDR Sensor: 7.x+
- Linux
Question
Does EDR Support VDI for Linux Endpoints?
Answer
Yes, Linux can be configured at the Sensor Group and Global levels.
| Enable VDI Support | |
| | 1. Add the following lines in cb.conf
NewRegistrationCallbackModulePath=/usr/share/cb/plugins/default_new_sensor_registration_callback.py
NewRegistrationCallbackClassName=DefaultNewRegistrationCallback
2. Restart cb-enterprise services or cbcluster. |
| Sensor Group Setting | |
| | 1. Click Sensors in UI navigation bar.
2. Click the Edit Settings tab.
3. On Advanced tab, select the VDI Behavior Enabled checkbox.
4. Click Save Changes button to enable the configuration. |
| Globally VDI for Linux | To create a gold image. |
| | 1. Install the Linux sensor.
2. Stop cbdaemon
systemctl stop cbdaemon
3. Remove any stored binary or event data.
rm -rf /var/opt/carbonblack/response/store/*
rm -rf /var/opt/carbonblack/response/eventlogs/*
4. Enable VDI in sensorsettings.ini
vim /var/opt/carbonblack/response/sensorsettings.ini
VdiEnabled=1
5. Set the Sensor ID to 0 allowing the EDR server to assign new VMs with a new Sensor ID
vim /var/opt/carbonblack/response/config.ini
SensorId=0
SensorIdforDisplay=0
6. Start the cbdaemon in the gold image VM.
systemctl start cbdaemon
|
Additional Notes
- Virtual Desktop Infrastructure (VDI) when enabled allows EDR to correlate the VMs characteristics (i.e., hostname and DNS name) to an existing sensor.
Related Content
