Cb Response - Identify endpoints with sensor not running
Log In or Register to download the BES file, and more.

1 Votes

Description

This Fixlet will become relevant on endpoints where the Cb Response Sensor is installed, but not currently running.  Use it within a policy action to ensure the Sensor stays running.

Property Details

ID21664
StatusProduction - Fully Tested and Ready for Production
TitleCb Response - Identify endpoints with sensor not running
CategoryApplication Maintenance
SourceCarbon Black
Source SeverityCritical
Source Release Date1/21/2016 12:00:00 AM
KeywordsIBM BigFix & Carbon Black Integration Content
Added by on 9/16/2016 11:50:40 AM
Last Modified by on 9/16/2016 11:56:39 AM
Counters 6834 Views / 141 Downloads
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 1 rating. ** Log In or Register to add your rating.

Relevance

Used in 75 fixlets and 6 analyses   * Results in a true/false
Show indented relevance
version of client >= "9.0"
Used in 1 fixlet   * Results in a true/false
Show indented relevance
if (windows of operating system) then (exists keys whose (value "DisplayName" of it = "Carbon Black Sensor") of key "HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall" of registry) else (exists package "cbsensor" of rpm)
Used in 1 fixlet   * Results in a true/false
Show indented relevance
if (windows of operating system) then (state of service whose (display name of it = "Carbon Black Sensor") = "Stopped") else (not exists process "cbdaemon")
Used in 4 fixlets and 1 analsis   * Results in a true/false
Show indented relevance
(windows of operating system) OR (exists match (regex "Linux CentOS (6|7)") of name of operating system) OR ((name of operating system starts with "Linux Red Hat") AND (exists file "/etc/redhat-release" whose (exists line whose (exists match (regex "Red Hat Enterprise Linux (Client|Server|Workstation) release 6|7") of it) of it) AND NOT exists file "/etc/vmware-release" whose (exists line whose (it contains "VMware ESX") of it) AND NOT exists file "/etc/enterprise-release" whose (exists line whose (it contains "Enterprise Linux Enterprise Linux") of it)))

Actions

Action 1 (default)

Action Link Click here to deploy this action.
Script Type BigFix Action Script 
if {windows of operating system}
    parameter "ServiceName" = "carbonblack"

    delete __appendfile 
    delete netquiet.bat 

    appendfile @ECHO OFF 
    appendfile start "" /min /b net %1 %2 /y > NUL 2> NUL 
    move __appendfile netquiet.bat 

    waithidden "{pathname of client folder of site "BESSupport" & "\RunQuiet.exe"}" netquiet.bat start "{parameter "ServiceName" of action}"

    delete netquiet.bat
elseif {(exists match (regex "Linux CentOS (6|7)") of name of operating system) OR ((name of operating system starts with "Linux Red Hat") AND (exists file "/etc/redhat-release" whose (exists line whose (exists match (regex "Red Hat Enterprise Linux (Client|Server|Workstation) release 6|7") of it) of it) AND NOT exists file "/etc/vmware-release" whose (exists line whose (it contains "VMware ESX") of it) AND NOT exists file "/etc/enterprise-release" whose (exists line whose (it contains "Enterprise Linux Enterprise Linux") of it)))}
    wait sh /etc/init.d/cbdaemon start
else
endif
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.


Sharing

Social Media:
Share this page on Yammer


Comments

Log In or Register to leave comments!
 

Content

Search
Share
Learn
Projects

Utilities

View SCM Scripts
Base64 Converter
Shell to Action Script

About

About Us
Tour
FAQ
Terms
Contact Us

BigFix Resources

Download BigFix
Support
Forum
Github/Bigfix
bigfix.me All Content
Hosted on bigfixme-as