Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Endpoint Standard: How to Force Sensor to Check Into Console With RepCLI

Endpoint Standard: How to Force Sensor to Check Into Console With RepCLI

Environment

  • Carbon Black Cloud Web Console: All Supported Versions
  • Endpoint Standard Sensor: 3.3.x.x and Higher
  • Microsoft Windows: All Supported Versions

Objective

Force the Sensor to check in with the Web Console utilizing various RepCLI Cloud Commands

Resolution

  1. Log into the machine with a user account that matches the AD User or Group SID configured at the time of sensor install.
  2. Launch a Command Prompt.
  3. Change directory to C:\Program Files\Confer
    cd C:\Program Files\Confer
  4. Enter the following command. If successful, "Successfully scheduled request" will print to the command line
    repcli cloud hello
    
  5. The following table includes all repcli cloud command options and their expected results
    RepCLI Cloud Option
    (not case sensitive)
    Result
    helloSensor to checks in with the Web Console
    QueryConfigSensor checks for update to Policy configuration settings
    QueryRulesSensor downloads and updates Policy rules
    MetadataSensor sends updated system information to the Web Console
    ZipSensor downloads a zipped file containing both Configuration setting and Policy rules and applies new settings
    UninstallCodeSensor checks for an update to the Uninstall Code
    RepConfigSensor downloads and applies Whitelist/Blacklist configuration including IT Tools and Cert Whitelisting
    SensorStateUploads sensor active state to Web Console
    AlarmsUploads any Sensor alarms to Web Console
    DeviceInfoUploads Sensor name and SID to Web Console
    PscReportUploads Cb ThreatHunter messages
    UbsQueryChecks for files that Web Console has requested from Sensor
    UbsUploadBegins upload of any requested files

Additional Notes

  • The command options in the table are not case sensitive and only include capital letters for readability
  • All of the above commands options should be preceeded by "repcli cloud" in the command string
  • Active Directory-based SID authentication is required to run the "repcli cloud" commands
  • While the "repcli cloud" commands will often complete immediately, there may be other queued tasks that will complete first
  • The printed response in the command line of "Successfully scheduled request" reflects the fact that tasks are queued

Related Content


Was this article helpful? Yes No
0% helpful (0/1)
Article Information
Author:
Creation Date:
‎11-27-2018
Views:
12753
Contributors