logo

Knowledge Base

Access official resources from Carbon Black experts

Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

EDR Server: How to remove historic sensors from the WebUI (v5.1.1+)

EDR Server: How to remove historic sensors from the WebUI (v5.1.1+)

Environment

  • EDR Server Console

Objective

How to remove offline sensors that still appear in the WebUI

Resolution

  1. Connect to the Cb Response cluster Master server via SSH
vi /etc/cb/cb.conf
  1. Add the following value to the bottom of the file:
    • SensorLookupInactiveFilterDays=30
  2. Save the cb.conf file
  3. You will need to restart CB for the change to take effect- https://community.carbonblack.com/t5/Knowledge-Base/Cb-Response-How-to-restart-services/ta-p/41294

Additional Notes

  • When 'SensorLookupInactiveFilterDays' is set to 0, it is not active (disabled)
  • All disconnected sensors for longer than the value will be removed from view in the WebUI, but their entry in the database table will remain
  • Documents and Events related to removed sensors will still exist in the SOLR database

Related Content


Labels (1)
Labels:
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
CB_Support
Creation Date:
‎03-03-2023
Views:
131
Contributors
logo