Environment
- EDR: 7.x and Higher
- EDR Sensor: 7.x and Higher
Objective
To get the sensor ID for a specific endpoint.
Resolution
Get the Sensor ID from the EDR Server UI
- Log into the Server UI.
- Click "Sensors" on the menu > Click on the affected Sensor to browse to the Host Details page.
- Look at the URL:
https://YOUR_SERVER/#/host/123
In this case, the sensor ID is "123".
Get the Sensor ID from a Windows Sensor
- Log into Windows as an Admin User.
- Look at the registry by running "regedit".
- Look in Computer\HKEY_LOCAL_MACHINE\SOFTWARE\CarbonBlack\config\SensorId
The value shown in the registry is stored in hexadecimal format.
- Take the last 8 digits of the hexadecimal value and convert it to decimal.
- This decimal value is the Sensor ID.
Get the Sensor ID from a Mac OSX Sensor
- Log into OSX as an Admin User.
- Look inside /var/lib/cb/sensor.id
Get the Sensor ID from a Linux Sensor
- Log into the Linux sensor endpoint
- Look inside /var/lib/cb/config
SensorIdForDisplay=123
Additional Notes
Hexadecimal-to-decimal converters can be found online.
Related Content
