Issue
Regarding the "Endpoints missing a sensor" filter in Red Canary. Can this be used to identify endpoints in the environment that are active but do not have a sensor installed? What are the parameters and/or limitations of this filter?
Environment
Red Canary
VMware Carbon Black EDR / Cloud
Resolution
For most users, this filter will only find endpoints that have had their sensor uninstalled. For example, Carbon Black will only send Red Canary telemetry for endpoints that have a sensor, so it’s impossible for us to see endpoints that don’t have a sensor except in cases where the Carbon Black sensor has been uninstalled.
Also see Monitoring Sensor Health and Connection to Red Canary
Comments
0 comments
Please sign in to leave a comment.