Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

Environment

EDR Server Console

Objective

How to remove offline sensors that still appear in the WebUI

Resolution

Connect to the Cb Response cluster Master server via SSH

vi /etc/cb/cb.conf

Add the following value to the bottom of the file:
- SensorLookupInactiveFilterDays=30
Save the cb.conf file
You will need to restart CB for the change to take effect- https://community.carbonblack.com/t5/Knowledge-Base/Cb-Response-How-to-restart-services/ta-p/41294

Additional Notes

When 'SensorLookupInactiveFilterDays' is set to 0, it is not active (disabled)
All disconnected sensors for longer than the value will be removed from view in the WebUI, but their entry in the database table will remain
Documents and Events related to removed sensors will still exist in the SOLR database

Related Content

Article Information

Author:

Creation Date:

‎03-03-2023

Views:

320

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.