What are sensor groups?

Sensor groups are used to logically separate your endpoints. Most importantly, sensor configuration is configured and applied at the sensor group level. This configuration includes:

  • Sensor version and upgrade policy
  • Selection of data types that are collected and sent to Carbon Black & Red Canary
  • Support for VDI mode
  • Bandwidth controls on sensor data uploads
  • Which Carbon Black users/groups can access data from those endpoints

These groups can be defined however your organization chooses. Common strategies include: 

  • grouping by platform (ex: VDI Workstations, Linux Servers)
  • grouping by business unit (ex: Marketing, IT)
  • grouping by location (ex: Denver Workstations)

For more information on creating and configuring sensor groups, please refer to the latest Carbon Black Response User Guide.

 
How does Red Canary use sensor groups?

Red Canary synchronizes an endpoint's sensor group name into our platform and displays it throughout the platform. Several of these locations include:

 

The endpoint associated with detections: 

 

Endpoint reporting through the Endpoint Inbox and associated reports:

 

Many Insights & Reports:

 

The Endpoints and Detections APIs:

Did this answer your question?