EDR Server: Automatically Filter Inactive Sensors from the User Interface (7.1.1 and below)

Environment

  • EDR Server: versions 5.1.1 through 7.1.1

Objective

Enable automated filtering of sensors from the user interface after a set period of inactivity

Resolution

  1. Stop cb-enterprise services
    • Single server: service cb-enterprise stop
    • Clustered server: /usr/share/cb/cbcluster stop
  2. Edit /etc/cb/cb.conf and add the following line
    SensorLookupInactiveFilterDays=30
  3. Start cb-enterprise services
    • Single server: service cb-enterprise start
    • Clustered server: /usr/share/cb/cbcluster start
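
The edit in step 2, as an added example that is not part of the original article or any vendor tooling: the shell functions below (their names are hypothetical) set the key exactly once even when cb.conf already contains it, and keep a backup copy. They assume cb.conf holds one Key=Value pair per line, as the line in step 2 suggests.

```shell
#!/usr/bin/env bash
# Added example, not vendor code. Function names are hypothetical.
# Assumption: cb.conf holds one Key=Value pair per line.

# set_inactive_filter_days CONF DAYS
#   Leaves exactly one SensorLookupInactiveFilterDays=DAYS line in CONF.
set_inactive_filter_days() {
    conf=$1 days=$2 key=SensorLookupInactiveFilterDays
    # Accept only a positive integer without leading zeros.
    case $days in
        ''|*[!0-9]*|0*) echo "days must be a positive integer" >&2; return 2 ;;
    esac
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    # Keep a copy of the file as it was before this edit.
    cp -p "$conf" "$conf.bak" || return 1
    tmp=$(mktemp "$conf.XXXXXX") || return 1
    # Drop every active assignment of the key (leading whitespace tolerated);
    # commented-out lines and all other settings pass through unchanged.
    awk -v key="$key" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, key) == 1 && substr(line, length(key) + 1) ~ /^[ \t]*=/ { next }
        { print }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s=%s\n' "$key" "$days" >> "$tmp"
    # Write through the original path so owner and mode stay as they were.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# get_inactive_filter_days CONF
#   Prints the active value, or nothing if the key is not set.
get_inactive_filter_days() {
    awk -F= '
        { k = $1; gsub(/[ \t]/, "", k) }
        k == "SensorLookupInactiveFilterDays" { v = $2; gsub(/[ \t]/, "", v) }
        END { if (v != "") print v }
    ' "$1"
}

# Single-server sequence from the steps above (run as root):
#   service cb-enterprise stop
#   set_inactive_filter_days /etc/cb/cb.conf 30
#   get_inactive_filter_days /etc/cb/cb.conf
#   service cb-enterprise start
```
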

Additional Notes

  • Ensure the SensorLookupInactiveFilterDays value matches the data retention period configured for the environment
  • When an inactive sensor is filtered, any remaining associated event data for that sensor will no longer be accessible via the user interface
  • Cloud instances have SensorLookupInactiveFilterDays enabled by default with a value of 60 days
  • From server version 7.2.0, this setting is replaced by the "Sensor Display Settings" feature on the UI > Sensors page.

Creation Date: 09-24-2018